GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,404 advisories
Filter by severity
Information exposure in Next.js dev server due to lack of origin verification
Low
CVE-2025-48068
was published
for
next
(npm)
May 28, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low
CVE-2025-46570
was published
for
vllm
(pip)
May 28, 2025
Traefik allows path traversal using url encoding
Low
CVE-2025-47952
was published
for
github.com/traefik/traefik
(Go)
May 28, 2025
Hackney fails to properly release HTTP connections to the pool
Low
CVE-2025-3864
was published
for
hackney
(Erlang)
May 28, 2025
Fess has Insecure Temporary File Permissions
Low
CVE-2025-48382
was published
for
org.codelibs.fess:fess
(Maven)
May 27, 2025
auth-js Vulnerable to Insecure Path Routing from Malformed User Input
Low
CVE-2025-48370
was published
for
@supabase/auth-js
(npm)
May 27, 2025
process_lock has a Potential Unsound issue in unlock
Low
CVE-2025-48751
was published
for
process_lock
(Rust)
May 24, 2025
Process Sync has a Potential Unsound Issue in SharedMutex
Low
CVE-2025-48752
was published
for
process-sync
(Rust)
May 24, 2025
SCSIR has a Potential Unsound Issue in WriteSameCommand
Low
CVE-2025-48756
was published
for
scsir
(Rust)
May 24, 2025
DNN site Import could use an external source with a crafted request
Low
CVE-2025-48376
was published
for
DotNetNuke.SiteExportImport
(NuGet)
May 23, 2025
Ackites KillWxapkg Zip Bomb Resource Exhaustion
Low
CVE-2025-5031
was published
for
github.com/Ackites/KillWxapkg
(Go)
May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) allows XSS
Low
CVE-2025-48206
was published
for
nitsan/ns-backup
(Composer)
May 21, 2025
TYPO3 Unverified Password Change for Backend Users
Low
CVE-2025-47938
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 Allows Information Disclosure via DBAL Restriction Handling
Low
CVE-2025-47937
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 CMS Webhooks Server Side Request Forgery
Low
CVE-2025-47936
was published
for
typo3/cms-webhooks
(Composer)
May 20, 2025
LibreNMS stored Cross-site Scripting vulnerability in poller group name
Low
CVE-2025-47931
was published
for
librenms/librenms
(Composer)
May 19, 2025
Vyper's `slice()` may elide side-effects when output length is 0
Low
CVE-2025-47774
was published
for
vyper
(pip)
May 16, 2025
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Low
CVE-2025-47285
was published
for
vyper
(pip)
May 16, 2025
Mattermost Fails to Check User Access to `ExperimentalSettings`
Low
CVE-2025-2570
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
May 15, 2025
undici Denial of Service attack via bad certificate data
Low
CVE-2025-47279
was published
for
undici
(npm)
May 15, 2025
Next.js Race Condition to Cache Poisoning
Low
CVE-2025-32421
was published
for
next
(npm)
May 15, 2025
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability
Low
CVE-2025-26646
was published
for
Microsoft.Build.Tasks.Core
(NuGet)
May 13, 2025
Flask uses fallback key instead of current signing key
Low
CVE-2025-47278
was published
for
flask
(pip)
May 13, 2025
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Low
CVE-2025-47280
was published
for
Umbraco.Forms
(NuGet)
May 13, 2025
ProTip!
Advisories are also available from the
GraphQL API