Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,297
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,987 advisories

Loading
SmallRye Fault Tolerance out-of-memory (OOM) issue High
CVE-2025-2240 was published for io.smallrye:smallrye-fault-tolerance-core (Maven) Mar 12, 2025
claudio4j
Multer vulnerable to Denial of Service from maliciously crafted requests High
CVE-2025-47944 was published for multer (npm) May 19, 2025
max-mathieu wesleytodd
ctcpip UlisesGascon marco-ippolito jonchurch
The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference High
CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location High
CVE-2025-48201 was published for nitsan/ns-backup (Composer) May 21, 2025
rdiffweb's unlimited length email field can lead to DoS High
CVE-2022-3272 was published for rdiffweb (pip) Sep 27, 2022
containerd allows host filesystem access on pull High
CVE-2025-47290 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
tonistiigi
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55924 was published for typo3/cms-scheduler (Composer) Jan 14, 2025
rosegabe
TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55921 was published for typo3/cms-extensionmanager (Composer) Jan 14, 2025
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store High
CVE-2025-46725 was published for langroid (pip) May 20, 2025
SCH227
Chakra Scripting Engine RCE via Out-of-bounds write High
CVE-2019-1052 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Chakra Scripting Engine RCE via Out-of-bounds write High
CVE-2019-1051 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Chakra Scripting Engine RCE Vulnerability High
CVE-2019-1024 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Chakra Scripting Engine Out-of-bounds write High
CVE-2019-1003 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
ChakraCore RCE via Out-of-bounds write High
CVE-2019-1002 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Chakra Scripting Engine Out-of-bounds write High
CVE-2019-0993 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Chakra Scripting Engine Out-of-bounds write High
CVE-2019-0992 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Chakra Scripting Engine Out-of-bounds write High
CVE-2019-0991 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Chakra Scripting Engine Memory Corruption Vulnerability High
CVE-2019-0989 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Connect-Multiparty allows arbitrary file upload High
CVE-2022-29623 was published for connect-multiparty (npm) May 17, 2022
The TYPO3 CMS Backend has Broken Authentication in Backend MFA High
CVE-2025-47941 was published for typo3/cms-backend (Composer) May 20, 2025
jacobsenj derhansen
TYPO3 Allows Privilege Escalation to System Maintainer High
CVE-2025-47940 was published for typo3/cms-core (Composer) May 20, 2025
ohader
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
zly123987
org.ini4j allows attackers to cause a Denial of Service (DoS) High
CVE-2022-41404 was published for org.ini4j:ini4j (Maven) Oct 12, 2022
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File High
CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025
pcreager23
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database