Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,599 advisories

Loading
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Moderate
CVE-2025-22870 was published for golang.org/x/net (Go) Mar 12, 2025
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite Moderate
CVE-2025-27794 was published for flarum/core (Composer) Mar 12, 2025
novacuum imorland
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) High
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) High
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue Critical
GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025
IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Critical
GHSA-4wf3-5qj9-368v was published for github.com/cosmos/ibc-go (Go) Mar 12, 2025
Cosmos SDK: x/group can halt when erroring in EndBlocker High
GHSA-47ww-ff84-4jrg was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2025
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record Moderate
CVE-2025-27017 was published for org.apache.nifi:nifi-mongodb-services (Maven) Mar 12, 2025
Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Moderate
CVE-2025-27867 was published for org.apache.felix:org.apache.felix.http.webconsoleplugin (Maven) Mar 12, 2025
Duplicate Advisory: Plenti - Code Injection - Denial of Services Moderate
GHSA-323w-6p85-26fr was published for github.com/plentico/plenti (Go) Mar 12, 2025 withdrawn
laravel-crud-wizard-free has File Validation Bypass Moderate
GHSA-3wgq-h4fr-cwg5 was published for macropay-solutions/laravel-crud-wizard-free (Composer) Mar 12, 2025
Out-of-bounds Read in Ruby JSON Parser High
CVE-2025-27788 was published for json (RubyGems) Mar 12, 2025
Apache Camel Message Header Injection through request parameters Moderate
CVE-2025-29891 was published for org.apache.camel:camel-support (Maven) Mar 12, 2025
SmallRye Fault Tolerance out-of-memory (OOM) issue High
CVE-2025-2240 was published for io.smallrye:smallrye-fault-tolerance-core (Maven) Mar 12, 2025
cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-33cr-m232-xqch was published for github.com/cheqd/cheqd-node (Go) Mar 11, 2025
swelf19
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition Moderate
CVE-2025-27617 was published for pimcore/pimcore (Composer) Mar 11, 2025
cancan101
Rembg CORS misconfiguration High
CVE-2025-25302 was published for rembg (pip) Mar 11, 2025
Rembg allows SSRF via /api/remove Moderate
CVE-2025-25301 was published for rembg (pip) Mar 11, 2025
Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
mgerstner
Froxlor has an HTML Injection Vulnerability Moderate
GHSA-26xq-m8xw-6373 was published for froxlor/froxlor (Composer) Mar 11, 2025
BenefactorYuvi
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover Moderate
GHSA-7j6w-p859-464f was published for froxlor/froxlor (Composer) Mar 11, 2025
halas98
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups Moderate
CVE-2025-27789 was published for @babel/helpers (npm) Mar 11, 2025
mmmsssttt404 JLHwung
nicolo-ribaudo
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database