Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,699
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,941
NuGet
708
pip
3,708
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,387 advisories

Loading
LibreNMS stored Cross-site Scripting vulnerability in poller group name Low
CVE-2025-47931 was published for librenms/librenms (Composer) May 19, 2025
Fewword
Vyper's `slice()` may elide side-effects when output length is 0 Low
CVE-2025-47774 was published for vyper (pip) May 16, 2025
Vyper's `concat()` builtin may elide side-effects for zero-length arguments Low
CVE-2025-47285 was published for vyper (pip) May 16, 2025
th3anatomist
Mattermost Fails to Check User Access to `ExperimentalSettings` Low
CVE-2025-2570 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
undici Denial of Service attack via bad certificate data Low
CVE-2025-47279 was published for undici (npm) May 15, 2025
styfle mcollina
Next.js Race Condition to Cache Poisoning Low
CVE-2025-32421 was published for next (npm) May 15, 2025
cold-try
Flask uses fallback key instead of current signing key Low
CVE-2025-47278 was published for flask (pip) May 13, 2025
jayaddison Brax94
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow Low
CVE-2025-47280 was published for Umbraco.Forms (NuGet) May 13, 2025
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others Low
CVE-2025-46718 was published for sudo-rs (Rust) May 13, 2025
zonia3000 squell
bjorn3
Kirby vulnerable to path traversal in the router for PHP's built-in server Low
CVE-2025-30207 was published for getkirby/cms (Composer) May 13, 2025
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders Low
CVE-2025-46717 was published for sudo-rs (Rust) May 13, 2025
squell rnijveld
Apache Commons Configuration Uncontrolled Resource Consumption Low
CVE-2025-46392 was published for commons-configuration:commons-configuration (Maven) May 9, 2025
wgp race condition in inner::drop Low
CVE-2025-47735 was published for wgp (Rust) May 9, 2025
trailer mishandles allocating with a size of zero Low
CVE-2025-47737 was published for trailer (Rust) May 9, 2025
libsql-sqlite3-parser crash due to invalid UTF-8 input Low
CVE-2025-47736 was published for libsql-sqlite3-parser (Rust) May 9, 2025
OpenStack Ironic fails to restrict paths used for file:// image URLs Low
CVE-2025-44021 was published for ironic (pip) May 8, 2025
Trix vulnerable to Cross-site Scripting on copy & paste Low
CVE-2025-46812 was published for trix (npm) May 8, 2025
scanner has a Public API without sufficient bounds checking Low
GHSA-79m9-55jc-p6mw was published for scanner (Rust) May 7, 2025
Redox UEFI Safe API can cause heap-buffer-overflow Low
GHSA-58xc-hpvq-8473 was published for redox_uefi_std (Rust) May 6, 2025
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` Low
CVE-2025-46735 was published for github.com/nrkno/terraform-provider-windns (Go) May 6, 2025
polo-sec sjurtf
Foxboron
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields Low
CVE-2025-46720 was published for @keystone-6/core (npm) May 5, 2025
emmatown dcousens
@misskey-dev/summaly Redirect Filter Bypass Low
CVE-2025-46553 was published for @misskey-dev/summaly (npm) May 5, 2025
warriordog
October CMS Allows Unprotected SVG Rename in Media Manager Low
CVE-2024-51991 was published for october/october (Composer) May 5, 2025
obfstr Type Confusion vulnerability Low
CVE-2024-58253 was published for obfstr (Rust) May 2, 2025
AngularJS improperly sanitizes SVG elements Low
CVE-2025-0716 was published for angular (npm) Apr 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database