Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,732
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,974 advisories

Loading
Mattermost Fails to Verify User's Permissions When Accessing Groups Moderate
CVE-2025-2527 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Bullfrog's DNS over TCP bypasses domain filtering Moderate
CVE-2025-47775 was published for bullfrogsec/bullfrog (GitHub Actions) May 15, 2025
vin01
Sulu vulnerable to XXE in SVG File upload Inspector Moderate
CVE-2025-47778 was published for sulu/sulu (Composer) May 15, 2025
mcdruid alexander-schranz
ausi
Mattermost Fails to Validate Team Invite Permissions Moderate
CVE-2025-3446 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Mattermost Fails to Lockout LDAP Users After Repeated Login Failures Moderate
CVE-2025-31947 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality Moderate
CVE-2024-52290 was published for github.com/lf-edge/ekuiper (Go) May 14, 2025
TheMostKnown
Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery Moderate
CVE-2025-47886 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation Moderate
CVE-2025-47888 was published for io.jenkins.plugins:dingding-notifications (Maven) May 14, 2025
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
nosurf vulnerable to CSRF due to non-functional same-origin request checks Moderate
CVE-2025-46721 was published for github.com/justinas/nosurf (Go) May 14, 2025
patrickod
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for org.apache.iotdb:node-commons (Maven) May 14, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop Moderate
GHSA-w443-5h3j-jqcp was published for crossbeam-channel (Rust) May 14, 2025 withdrawn
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper Moderate
CVE-2025-30159 was published for getkirby/kirby (Composer) May 13, 2025
bnomei tobimori
Kirby vulnerable to path traversal of collection names during file system lookup Moderate
CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data Moderate
CVE-2025-47204 was published for bootstrap-multiselect (npm) May 13, 2025
Apache Superset Allows Ownership Takeover Moderate
CVE-2025-27696 was published for apache-superset (pip) May 13, 2025
OZI-Project/ozi-publish Code Injection vulnerability Moderate
CVE-2025-47271 was published for OZI-Project/publish (GitHub Actions) May 12, 2025
@lumieducation/h5p-server Fails to Sanitize Plain Text Strings Moderate
CVE-2025-47828 was published for @lumieducation/h5p-server (npm) May 11, 2025
ring has some AES functions that may panic when overflow checking is enabled in Moderate
CVE-2025-4432 was published for ring (Rust) May 9, 2025
fast_id_map has a soundness issue and is unmaintained Moderate
GHSA-4h96-mv53-2c86 was published for fast_id_map (Rust) May 8, 2025
Rack session gets restored after deletion Moderate
CVE-2025-46336 was published for rack-session (RubyGems) May 8, 2025
stengineering0 jeremyevans
ioquatix
Rack session gets restored after deletion Moderate
CVE-2025-32441 was published for rack (RubyGems) May 8, 2025
stengineering0 jeremyevans
ioquatix
Django has a denial-of-service possibility in strip_tags() Moderate
CVE-2025-32873 was published for Django (pip) May 8, 2025
Craft CMS stores arbitrary content provided by unauthenticated users in session files Moderate
CVE-2025-35939 was published for craftcms/cms (Composer) May 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database