Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Traefik affected by Go HTTP Request Smuggling Vulnerability Critical
GHSA-5423-jcjm-2gpv was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
varunbondre
Credited to varunbondre
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415 Low
GHSA-5w6v-399v-w3cc was published for nokogiri (RubyGems) Apr 21, 2025
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 Critical
GHSA-ggpf-24jw-3fcw was published for vllm (pip) Apr 23, 2025
azraelxuemo russellb
Credited to azraelxuemo and russellb
multicast in source builds from vulnerable setuptools dependency Moderate
GHSA-94v7-wxj6-r2q5 was published for multicast (pip) May 28, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-c42h-56wx-h85q was published for auth0/login (Composer) Jun 6, 2025
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt mhils
Credited to sebastianosrt and mhils
RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency Critical
CVE-2025-22871 was published for spiral/roadrunner (Composer) Apr 8, 2025
dt-thomas-durand
Credited to dt-thomas-durand
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses Low
GHSA-w2jf-268q-mrvh was published for github.com/opentofu/opentofu (Go) Nov 6, 2025
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency Critical
GHSA-6jqf-mv7m-3q7p was published for github.com/filebrowser/filebrowser/v2 (Go) Nov 13, 2025
Francesco-Bellomi hacdias
Credited to Francesco-Bellomi and hacdias
SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475 Critical
GHSA-5j8p-438x-rgg5 was published for onelogin/php-saml (Composer) Dec 9, 2025
d0ge
Credited to d0ge
OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs Moderate
GHSA-mjcp-gpgx-ggcg was published for github.com/opentofu/opentofu (Go) Dec 9, 2025
Next Vulnerable to Denial of Service with Server Components High
GHSA-mwv6-3258-q52c was published for next (npm) Dec 11, 2025
Ry0taK
Credited to Ry0taK
Next Server Actions Source Code Exposure Moderate
GHSA-w37m-7fhw-fmv9 was published for next (npm) Dec 11, 2025
Vite Plugin React has a Denial of Service Vulnerability in React Server Components High
GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate
GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up High
GHSA-5j59-xgg2-r9c4 was published for next (npm) Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database