Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,419
Maven
5,000+
npm
4,055
NuGet
723
pip
3,847
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,076 advisories

Loading
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw calebbrown
Ollama allows deletion of arbitrary files Moderate
CVE-2025-44779 was published for github.com/ollama/ollama (Go) Aug 7, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string Moderate
CVE-2024-52279 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Aug 3, 2025
XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API High
CVE-2025-54385 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 25, 2025
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High
CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025
thevilledev
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access High
CVE-2025-50151 was published for org.apache.jena:jena (Maven) Jul 21, 2025
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check Moderate
CVE-2025-53652 was published for org.jenkins-ci.tools:git-parameter (Maven) Jul 9, 2025
Transformers's Improper Input Validation vulnerability can be exploited through username injection Low
CVE-2025-3777 was published for transformers (pip) Jul 7, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao/api/v2 (Go) Jun 26, 2025
cipherboy
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
Grafana long dashboard title or panel name causes unresponsives Low
CVE-2025-1088 was published for github.com/grafana/grafana (Go) Jun 18, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
anon-vec lacks sufficient checks in public API Low
GHSA-pr59-jjr4-gcf6 was published for anon-vec (Rust) Jun 5, 2025
vLLM Tool Schema allows DoS via Malformed pattern and type Fields Moderate
CVE-2025-48944 was published for vllm (pip) May 28, 2025
russellb Jason-CKY
Laravel Rest Api has a Search Validation Bypass Moderate
CVE-2025-48490 was published for lomkit/laravel-rest-api (Composer) May 27, 2025
edepauw
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability Moderate
CVE-2025-5173 was published for label-studio-ml (pip) May 26, 2025
FunAudioLLM InspireMusic deserialization vulnerability Moderate
CVE-2025-5148 was published for inspiremusic (pip) May 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database