Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,238 advisories

Loading
Leantime allows Cross-Site Scripting (XSS) Low
GHSA-f679-254h-qhvj was published for leantime/leantime (Composer) Feb 21, 2025
justWalsdi
Leantime has Missing Authorization Check for Host Parameter Low
GHSA-3hfj-qcvj-4hx8 was published for leantime/leantime (Composer) Feb 21, 2025
harshilsecurify
Vyper has a double eval in For List Iter Low
CVE-2025-27104 was published for vyper (pip) Feb 21, 2025
AugAssign evaluation order causing OOB write within the object in Vyper Low
CVE-2025-27105 was published for vyper (pip) Feb 21, 2025
Vyper's sqrt doesn't define rounding behavior Low
CVE-2025-26622 was published for vyper (pip) Feb 21, 2025
Keycloak allows cross-site scripting (XSS) Low
CVE-2024-4028 was published for org.keycloak:keycloak-core (Maven) Feb 18, 2025
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
benoitc
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Low
GHSA-5mwf-688x-mr7x was published for nokogiri (RubyGems) Feb 19, 2025
Authelia applies regulation separately to Username-based logins to Email-based logins Low
CVE-2025-24806 was published for github.com/authelia/authelia/v4 (Go) Feb 19, 2025
tsschaffert Ahrdie
caesarakalaeii
Duplicate Advisory: Umbraco CMS Cross-site Scripting vulnerability Low
GHSA-4gmq-m9vp-jrwg was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024 withdrawn
AndyButland
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 postmodern
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Low
GHSA-vvfq-8hwr-qm4m was published for nokogiri (RubyGems) Feb 18, 2025
smartbanner.js rel noopener vulnerability Low
CVE-2025-25300 was published for smartbanner.js (npm) Sep 13, 2019
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi alecslupu
andreslucena
Fyrox has unsound usages of `Vec::from_raw_parts` Low
GHSA-h7h7-6mx3-r89v was published for fyrox-core (Rust) Feb 14, 2025
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses Low
CVE-2023-41051 was published for vm-memory (Rust) Sep 4, 2023
Manishearth
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline Low
CVE-2024-30260 was published for undici (npm) Apr 4, 2024
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska pcreager23
Unencrypted transmission in Temporal api-go library Low
CVE-2025-1243 was published for go.temporal.io/api (Go) Feb 12, 2025
Vulnerable OpenSSL included in cryptography wheels Low
CVE-2024-12797 was published for cryptography (pip) Feb 11, 2025
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
Apache NiFi: Missing Complete Authorization for Parameter and Service References Low
CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) Dec 28, 2024
exceptionfactory
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
Magento incorrect user permissions vulnerability within the Inventory component Low
CVE-2020-24403 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database