GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,362
Erlang
33
GitHub Actions
22
Go
2,131
Maven
5,000+
npm
3,795
NuGet
686
pip
3,473
Pub
12
RubyGems
896
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,232 advisories
Filter by severity
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
Low
GHSA-5mwf-688x-mr7x
was published
for
nokogiri
(RubyGems)
Feb 19, 2025
Authelia applies regulation separately to Username-based logins to Email-based logins
Low
CVE-2025-24806
was published
for
github.com/authelia/authelia/v4
(Go)
Feb 19, 2025
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
Low
GHSA-vvfq-8hwr-qm4m
was published
for
nokogiri
(RubyGems)
Feb 18, 2025
Fyrox has unsound usages of `Vec::from_raw_parts`
Low
GHSA-h7h7-6mx3-r89v
was published
for
fyrox-core
(Rust)
Feb 14, 2025
Unencrypted transmission in Temporal api-go library
Low
CVE-2025-1243
was published
for
go.temporal.io/api
(Go)
Feb 12, 2025
Vulnerable OpenSSL included in cryptography wheels
Low
CVE-2024-12797
was published
for
cryptography
(pip)
Feb 11, 2025
Server-side Request Forgery (SSRF) in hackney
Low
CVE-2025-1211
was published
for
hackney
(Erlang)
Feb 11, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
Low
CVE-2025-25183
was published
for
vllm
(pip)
Feb 6, 2025
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
Low
CVE-2025-23215
was published
for
net.sourceforge.pmd:pmd-core
(Maven)
Jan 31, 2025
DevDojo Voyager vulnerable to reflected Cross-site Scripting
Low
CVE-2024-55416
was published
for
tcg/voyager
(Composer)
Jan 30, 2025
Potential DoS when using ContextLines integration
Low
GHSA-r5w7-f542-q2j4
was published
for
@sentry/astro
(npm)
Jan 28, 2025
Dolibarr Cross-site Scripting vulnerability
Low
CVE-2024-55227
was published
for
dolibarr/dolibarr
(Composer)
Jan 27, 2025
Dolibarr Cross-site Scripting vulnerability
Low
CVE-2024-55228
was published
for
dolibarr/dolibarr
(Composer)
Jan 27, 2025
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator
Low
CVE-2025-24783
was published
for
org.apache.cocoon:cocoon-forms-impl
(Maven)
Jan 27, 2025
Directus has a DOM-Based cross-site scripting (XSS) via layout_options
Low
GHSA-9qrm-48qf-r2rw
was published
for
directus
(npm)
Jan 23, 2025
Reflected Cross Site Scripting (XSS) in error message
Low
GHSA-74j9-xhqr-6qv3
was published
for
silverstripe/framework
(Composer)
Jan 23, 2025
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Low
CVE-2025-23206
was published
for
aws-cdk-lib
(npm)
Jan 17, 2025
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
Low
GHSA-mqf3-qpc3-g26q
was published
for
silverstripe/framework
(Composer)
Jan 14, 2025
Lodestar snappy checksum issue
Low
GHSA-m9c9-mc2h-9wjw
was published
for
@lodestar/reqresp
(npm)
Jan 14, 2025
Lodestar snappy decompression issue
Low
GHSA-53rv-hcvm-rpp9
was published
for
@lodestar/reqresp
(npm)
Jan 14, 2025
Vyper Does Not Check the Success of Certain Precompile Calls
Low
CVE-2025-21607
was published
for
vyper
(pip)
Jan 14, 2025
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER
Low
CVE-2025-0343
was published
for
github.com/apple/swift-asn1
(Swift)
Jan 14, 2025
TYPO3 Information Disclosure via Exception Handling/Logger
Low
CVE-2024-55891
was published
for
typo3/cms-install
(Composer)
Jan 14, 2025
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package
Low
GHSA-mgr7-5782-6jh9
was published
for
Umbraco.Headless.Client.Net
(NuGet)
Jan 13, 2025
notation-go has an OS error when setting CRL cache leads to denial of signature verification
Low
CVE-2024-51491
was published
for
github.com/notaryproject/notation-go
(Go)
Jan 13, 2025
ProTip!
Advisories are also available from the
GraphQL API