GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
9,936 advisories
Filter by severity
Laravel Rest Api has a Search Validation Bypass
Moderate
GHSA-69rh-hccr-cxrj
was published
for
lomkit/laravel-rest-api
(Composer)
May 27, 2025
Strapi allows Server-Side Request Forgery in Webhook function
Moderate
CVE-2024-52588
was published
for
@strapi/admin
(npm)
May 27, 2025
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Moderate
CVE-2025-48054
was published
for
radashi
(npm)
May 27, 2025
ActiveMQ Artemis AMQ Broker Operator Starting Credentials Reuse
Moderate
CVE-2025-4057
was published
for
github.com/arkmq-org/activemq-artemis-operator
(Go)
May 26, 2025
pypickle Incorrect Privilege Assignment vulnerability
Moderate
CVE-2025-5175
was published
for
pypickle
(pip)
May 26, 2025
pypickle unsafe deserialization vulnerability
Moderate
CVE-2025-5174
was published
for
pypickle
(pip)
May 26, 2025
FunAudioLLM InspireMusic deserialization vulnerability
Moderate
CVE-2025-5148
was published
for
inspiremusic
(pip)
May 25, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2025-48371
was published
for
github.com/openfga/openfga
(Go)
May 23, 2025
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
Moderate
CVE-2025-48378
was published
for
DotNetNuke.Core
(NuGet)
May 23, 2025
Reflected Cross-Site Scripting (XSS) in module actions in edit mode
Moderate
CVE-2025-48377
was published
for
DotNetNuke.Core
(NuGet)
May 23, 2025
Marked allows Regular Expression Denial of Service (ReDoS) attacks
Moderate
CVE-2018-25110
was published
for
marked
(npm)
May 23, 2025
Eclipse JGit XML External Entity (XXE) Vulnerability
Moderate
CVE-2025-4949
was published
for
org.eclipse.jgit:org.eclipse.jgit
(Maven)
May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) allows command injections
Moderate
CVE-2025-48204
was published
for
nitsan/ns-backup
(Composer)
May 21, 2025
Insufficient input sanitization in ejson2env
Moderate
CVE-2025-48069
was published
for
ejson2env
(RubyGems)
May 21, 2025
XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
Moderate
CVE-2025-48063
was published
for
org.xwiki.platform:xwiki-platform-security-authorization-bridge
(Maven)
May 21, 2025
reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference
Moderate
CVE-2025-48207
was published
for
renolit/reint-downloadmanager
(Composer)
May 21, 2025
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
Moderate
CVE-2025-47291
was published
for
github.com/containerd/containerd/v2
(Go)
May 21, 2025
The femanager TYPO3 extension allows Insecure Direct Object Reference
Moderate
CVE-2025-48202
was published
for
in2code/femanager
(Composer)
May 21, 2025
[clickstorm] SEO (cs_seo) TYPO3 extension Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2025-48203
was published
for
clickstorm/cs-seo
(Composer)
May 21, 2025
Character injection in Hubble CLI
Moderate
CVE-2025-48056
was published
for
github.com/cilium/hubble
(Go)
May 21, 2025
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
Moderate
CVE-2025-47939
was published
for
typo3/cms-core
(Composer)
May 20, 2025
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Moderate
CVE-2025-47946
was published
for
symfony/ux-live-component
(Composer)
May 19, 2025
Cocotais Bot has builtin .echo command injection
Moderate
CVE-2025-47948
was published
for
cocotais-bot
(npm)
May 19, 2025
ProTip!
Advisories are also available from the
GraphQL API