Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,300
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,989 advisories

Loading
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability High
CVE-2025-24070 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2025
dwelch2344
Pingora Request Smuggling and Cache Poisoning High
CVE-2025-4366 was published for pingora-core (Rust) May 22, 2025
Fiber panics when fiber.Ctx.BodyParser parses invalid range index High
CVE-2025-48075 was published for github.com/gofiber/fiber/v2 (Go) May 22, 2025
Batleram sixcolors
efectn ReneWerner87 gaby
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
AnonyICSE26
Ollama Server Vulnerable to Denial of Service (DoS) Attack High
CVE-2025-1975 was published for github.com/ollama/ollama (Go) May 16, 2025
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
Fluent Fluentd and Fluent-ui use default password High
CVE-2020-21514 was published for fluentd (RubyGems) Apr 4, 2023
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Babylon Finality Provider `MsgCommitPubRandList` replay attack High
GHSA-7mm3-vfg8-7rg6 was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
SmallRye Fault Tolerance out-of-memory (OOM) issue High
CVE-2025-2240 was published for io.smallrye:smallrye-fault-tolerance-core (Maven) Mar 12, 2025
claudio4j
Multer vulnerable to Denial of Service from maliciously crafted requests High
CVE-2025-47944 was published for multer (npm) May 19, 2025
max-mathieu wesleytodd
ctcpip UlisesGascon marco-ippolito jonchurch
The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference High
CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location High
CVE-2025-48201 was published for nitsan/ns-backup (Composer) May 21, 2025
rdiffweb's unlimited length email field can lead to DoS High
CVE-2022-3272 was published for rdiffweb (pip) Sep 27, 2022
containerd allows host filesystem access on pull High
CVE-2025-47290 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
tonistiigi
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55924 was published for typo3/cms-scheduler (Composer) Jan 14, 2025
rosegabe
TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55921 was published for typo3/cms-extensionmanager (Composer) Jan 14, 2025
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store High
CVE-2025-46725 was published for langroid (pip) May 20, 2025
SCH227
Chakra Scripting Engine RCE via Out-of-bounds write High
CVE-2019-1052 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Chakra Scripting Engine RCE via Out-of-bounds write High
CVE-2019-1051 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Chakra Scripting Engine RCE Vulnerability High
CVE-2019-1024 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Chakra Scripting Engine Out-of-bounds write High
CVE-2019-1003 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
ChakraCore RCE via Out-of-bounds write High
CVE-2019-1002 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database