Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,629 advisories

Loading
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
benoitc
Credited to benoitc
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh russellb
Credited to kexinoh and russellb
Jenkins Zoom Plugin is Missing Password Field Masking Low
CVE-2025-0148 was published for io.jenkins.plugins:zoom (Maven) Feb 4, 2025
DevDojo Voyager vulnerable to reflected Cross-site Scripting Low
CVE-2024-55416 was published for tcg/voyager (Composer) Jan 30, 2025
Potential DoS when using ContextLines integration Low
GHSA-r5w7-f542-q2j4 was published for @sentry/astro (npm) Jan 28, 2025
mstrokin
Credited to mstrokin
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55227 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55228 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Low
CVE-2025-24783 was published for org.apache.cocoon:cocoon-forms-impl (Maven) Jan 27, 2025
Directus has a DOM-Based cross-site scripting (XSS) via layout_options Low
GHSA-9qrm-48qf-r2rw was published for directus (npm) Jan 23, 2025
Reflected Cross Site Scripting (XSS) in error message Low
GHSA-74j9-xhqr-6qv3 was published for silverstripe/framework (Composer) Jan 23, 2025
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider Low
CVE-2025-23206 was published for aws-cdk-lib (npm) Jan 17, 2025
mfulton26
Credited to mfulton26
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message Low
GHSA-mqf3-qpc3-g26q was published for silverstripe/framework (Composer) Jan 14, 2025
Lodestar snappy checksum issue Low
GHSA-m9c9-mc2h-9wjw was published for @lodestar/reqresp (npm) Jan 14, 2025
gln7
Credited to gln7
Lodestar snappy decompression issue Low
GHSA-53rv-hcvm-rpp9 was published for @lodestar/reqresp (npm) Jan 14, 2025
gln7
Credited to gln7
Vyper Does Not Check the Success of Certain Precompile Calls Low
CVE-2025-21607 was published for vyper (pip) Jan 14, 2025
ritzdorf vasinicola
trocher
Credited to ritzdorf, vasinicola, and trocher
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER Low
CVE-2025-0343 was published for github.com/apple/swift-asn1 (Swift) Jan 14, 2025
baarde
Credited to baarde
TYPO3 Information Disclosure via Exception Handling/Logger Low
CVE-2024-55891 was published for typo3/cms-install (Composer) Jan 14, 2025
ohader
Credited to ohader
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package Low
GHSA-mgr7-5782-6jh9 was published for Umbraco.Headless.Client.Net (NuGet) Jan 13, 2025
notation-go has an OS error when setting CRL cache leads to denial of signature verification Low
CVE-2024-51491 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Faeris95 JeyJeyGao
shizhMSFT
Credited to Faeris95, JeyJeyGao, and shizhMSFT
Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability Low
CVE-2024-55226 was published for vaultwarden (Rust) Jan 9, 2025
Vaultwarden HTML injection vulnerability Low
CVE-2024-55224 was published for vaultwarden (Rust) Jan 9, 2025
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution Low
CVE-2025-22151 was published for strawberry-graphql (pip) Jan 9, 2025
jamietdavidson bellini666
patrick91
Credited to jamietdavidson, bellini666, and patrick91
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh Low
CVE-2025-22149 was published for github.com/MicahParks/jwkset (Go) Jan 9, 2025
rohitkoul
Credited to rohitkoul
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-22449 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
stevebeattie
Credited to stevebeattie
Mattermost has Improper Check for Unusual or Exceptional Conditions Low
CVE-2025-22445 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database