GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,670
Maven: 5,000+
npm: 4,296
NuGet: 760
pip: 4,075
Pub: 12
RubyGems: 957
Rust: 1,058
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

3,500 advisories

Grafana Incorrect Privilege Assignment vulnerability
Critical, CVE-2025-41115 was published for github.com/grafana/grafana (Go), Nov 21, 2025

@hpke/core reuses AEAD nonces
Critical, CVE-2025-64767 was published for @hpke/core (npm), Nov 20, 2025

md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter
Critical, CVE-2025-65108 was published for md-to-pdf (npm), Nov 20, 2025

Apache Causeway vulnerable to deserialization in Java
Critical, CVE-2025-64408 was published for org.apache.causeway.commons:causeway-commons (Maven), Nov 19, 2025

Eclipse Jersey has a Race Condition
Critical, CVE-2025-12383 was published for org.glassfish.jersey.core:jersey-client (Maven), Nov 18, 2025

joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Critical, CVE-2025-65015 was published for joserfc (pip), Nov 18, 2025

Modular Max Serve has Unsafe Deserialization vulnerability
Critical, CVE-2025-60455 was published for modular (pip), Nov 18, 2025

AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical, CVE-2025-55449 was published for astrbot (pip), Nov 14, 2025

codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical, CVE-2024-10082 was published for codechecker (pip), Nov 6, 2024

codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical, CVE-2024-10081 was published for codechecker (pip), Nov 6, 2024

Flowise is vulnerable to arbitrary file write through its WriteFileTool
Critical, CVE-2025-61913 was published for Flowise (npm), Oct 9, 2025

Soft Serve is vulnerable to SSRF through its Webhooks
Critical, CVE-2025-64522 was published for github.com/charmbracelet/soft-serve (Go), Nov 10, 2025

ingress-nginx admission controller RCE escalation
Critical, CVE-2025-1974 was published for k8s.io/ingress-nginx (Go), Mar 25, 2025

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
Critical, CVE-2025-64459 was published for django (pip), Nov 5, 2025

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency
Critical, GHSA-6jqf-mv7m-3q7p was published for github.com/filebrowser/filebrowser/v2 (Go), Nov 13, 2025

pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
Critical, CVE-2025-12762 was published for pgadmin4 (pip), Nov 13, 2025

@react-native-community/cli has arbitrary OS command injection
Critical, CVE-2025-11953 was published for @react-native-community/cli (npm), Nov 3, 2025

Milvus Proxy has a Critical Authentication Bypass Vulnerability
Critical, CVE-2025-64513 was published for github.com/milvus-io/milvus (Go), Nov 13, 2025

Magento executes code via the API File Option Upload Extension
Critical, CVE-2021-36042 was published for magento/community-edition (Composer), May 24, 2022

Magento has a file extension restrictions bypass
Critical, CVE-2021-36040 was published for magento/community-edition (Composer), May 24, 2022

Magento is affected by an improper input validation vulnerability while saving a customer's details
Critical, CVE-2021-36025 was published for magento/community-edition (Composer), May 24, 2022

Magento has an XML Injection vulnerability
Critical, CVE-2021-36028 was published for magento/community-edition (Composer), May 24, 2022

Magento XML Injection vulnerability in the Widgets Module
Critical, CVE-2021-36033 was published for magento/community-edition (Composer), May 24, 2022

Magento XML Injection vulnerability in the Widgets Update Layout
Critical, CVE-2021-36023 was published for magento/community-edition (Composer), Sep 6, 2023

Magento improper access control vulnerability within Magento's Media Gallery Upload workflow
Critical, CVE-2021-36036 was published for magento/community-edition (Composer), Sep 6, 2023

ProTip! Advisories are also available from the GraphQL API.