Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,369 advisories

Loading
Go Ethereum vulnerable to DoS via malicious p2p message Moderate
CVE-2025-24883 was published for github.com/ethereum/go-ethereum (Go) Jan 30, 2025
iam-ned
Leantime allows Cross-Site Scripting (XSS) Low
GHSA-f679-254h-qhvj was published for leantime/leantime (Composer) Feb 21, 2025
justWalsdi
Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-95j3-435g-vjcp was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent hugo-guzman
Leantime has Missing Authorization Check for Host Parameter Low
GHSA-3hfj-qcvj-4hx8 was published for leantime/leantime (Composer) Feb 21, 2025
harshilsecurify
Exiv2 allows Use After Free Moderate
CVE-2025-26623 was published for Exiv2 (pip) Feb 21, 2025
Marsman1996
Leantime allows Stored Cross-Site Scripting (XSS) High
GHSA-c39w-3pjx-qc7m was published for leantime/leantime (Composer) Feb 21, 2025
mnqazi
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
Vyper has a double eval in For List Iter Low
CVE-2025-27104 was published for vyper (pip) Feb 21, 2025
AugAssign evaluation order causing OOB write within the object in Vyper Low
CVE-2025-27105 was published for vyper (pip) Feb 21, 2025
Vyper's sqrt doesn't define rounding behavior Low
CVE-2025-26622 was published for vyper (pip) Feb 21, 2025
Jupyter Server Proxy's Websocket Proxying does not require authentication Critical
CVE-2024-28179 was published for jupyter-server-proxy (pip) Mar 20, 2024
yuvipanda consideRatio
manics minrk krassowski dlqqq eddelbuettel
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Leantime has Host Header Injection Vulnerability Moderate
GHSA-99r5-84gr-59f6 was published for leantime/leantime (Composer) Feb 21, 2025
anim-29
Mautic has insufficient authentication in upgrade flow Moderate
CVE-2022-25770 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka RCheesley
lakeFS allows an authenticated user to cause a crash by exhausting server memory Moderate
CVE-2025-27100 was published for github.com/treeverse/lakefs (Go) Feb 21, 2025
arielshaqed ItamarYuran
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow High
GHSA-5hc5-fxr9-5frc was published for mautic/core (Composer) Sep 19, 2024 withdrawn
Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit High
CVE-2025-1403 was published for qiskit (pip) Feb 21, 2025
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine High
CVE-2025-24970 was published for io.netty:netty-handler (Maven) Feb 10, 2025
johnou
runc can be confused to create empty files/directories on the host Moderate
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database