GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,297 advisories

Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
Regular expression denial-of-service in Django Moderate
CVE-2024-27351 was published for django (pip) Mar 15, 2024
MarkLee131
GeoNetwork search end-point information disclosure in response headers Moderate
CVE-2024-32037 was published for org.geonetwork-opensource:gn-services (Maven) Feb 11, 2025
josegar74 jodygarnett
Directus allows privilege escalation using Share feature Moderate
CVE-2025-24353 was published for @directus/app (npm) Jan 23, 2025
viters m3t3kh4n
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` Moderate
CVE-2025-25202 was published for ash_authentication (Erlang) Feb 11, 2025
wilburyang zachdaniel
jimsynz
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio
Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log Moderate
CVE-2024-52067 was published for org.apache.nifi:nifi-framework-core (Maven) Feb 11, 2025
1Panel open source panel project has an unauthorized vulnerability. Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases Moderate
CVE-2024-53948 was published for apache-superset (pip) Dec 9, 2024
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation Moderate
CVE-2023-25392 was published for bigflow (pip) Apr 10, 2023
Helm shows secrets in clear text Moderate
CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024
oscerd
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
CRI-O Path Traversal vulnerability Moderate
CVE-2025-0750 was published for github.com/cri-o/cri-o (Go) Jan 28, 2025
rust-openssl ssl::select_next_proto use after free Moderate
CVE-2025-24898 was published for openssl (Rust) Feb 3, 2025
mmastrac
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle has arbitrary file read risk through pdfTeX Moderate
CVE-2024-43426 was published for moodle/moodle (Composer) Nov 7, 2024
Server-Side Request Forgery (SSRF) in activitypub_federation Moderate
CVE-2025-25194 was published for activitypub_federation (Rust) Feb 10, 2025
nnfrog
Denial of Service attack on windows app using Netty Moderate
CVE-2025-25193 was published for io.netty:netty-common (Maven) Feb 10, 2025
chrisvest
Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025
Hickory DNS failure to verify self-signed RRSIG for DNSKEYs Moderate
GHSA-v7pc-74h8-xq2h was published for hickory-proto (Rust) Feb 10, 2025
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API