GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files
Moderate
CVE-2025-26795
was published
for
org.apache.iotdb:iotdb-jdbc
(Maven)
May 14, 2025
Moodle stored Cross-site Scripting (XSS)
Moderate
CVE-2024-33997
was published
for
moodle/moodle
(Composer)
May 31, 2024
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-42512
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Mar 3, 2025
Apache Pinot Vulnerable to Authentication Bypass
Critical
CVE-2024-56325
was published
for
org.apache.pinot:pinot-broker
(Maven)
Apr 1, 2025
Rancher's SAML-based login via CLI can be denied by unauthenticated users
Moderate
CVE-2025-23387
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API
High
CVE-2025-23388
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
High
CVE-2025-23389
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Elasticsearch Uncaught Exception leading to crash
Moderate
CVE-2024-23449
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 29, 2024
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
Moderate
CVE-2024-52980
was published
for
org.elasticsearch:elasticsearch
(Maven)
Apr 8, 2025
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
Moderate
CVE-2024-52981
was published
for
org.elasticsearch:elasticsearch
(Maven)
Apr 8, 2025
io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Moderate
CVE-2025-32951
was published
for
io.jmix.rest:jmix-rest
(Maven)
Apr 22, 2025
io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage
Moderate
CVE-2025-32950
was published
for
io.jmix.localfs:jmix-localfs
(Maven)
Apr 22, 2025
io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage
Moderate
CVE-2025-32952
was published
for
io.jmix.localfs:jmix-localfs
(Maven)
Apr 22, 2025
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Rancher users who can create Projects can gain access to arbitrary projects
High
CVE-2024-22031
was published
for
github.com/rancher/rancher
(Go)
Apr 25, 2025
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Use after free in actix-service
Moderate
CVE-2020-35899
was published
for
actix-service
(Rust)
Aug 25, 2021
Use-after-free in actix-codec
Critical
CVE-2020-35902
was published
for
actix-codec
(Rust)
Aug 25, 2021
Use after free in actix-utils
Critical
CVE-2020-35898
was published
for
actix-utils
(Rust)
Aug 25, 2021
Improper Preservation of Permissions in xxl-job
High
CVE-2024-42681
was published
for
com.xuxueli:xxl-job-core
(Maven)
Aug 15, 2024
ThinkAdmin directory traversal vulnerability
High
CVE-2020-25540
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
High
CVE-2024-34005
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-34000
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in analytics management of models
High
CVE-2024-34008
was published
for
moodle/moodle
(Composer)
May 31, 2024
ProTip!
Advisories are also available from the
GraphQL API