GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,464
Erlang: 33
GitHub Actions: 22
Go: 2,163
Maven: 5,000+
npm: 3,821
NuGet: 696
pip: 3,502
Pub: 12
RubyGems: 909
Rust: 904
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
269,171 advisories
Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record
Moderate. CVE-2025-27017 was published for org.apache.nifi:nifi-mongodb-services (Maven), Mar 12, 2025.
Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Moderate. CVE-2025-27867 was published for org.apache.felix:org.apache.felix.http.webconsoleplugin (Maven), Mar 12, 2025.
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Moderate. CVE-2025-22870 was published for golang.org/x/net (Go), Mar 12, 2025.
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Moderate. CVE-2025-27794 was published for flarum/core (Composer), Mar 12, 2025.
graphql allows remote code execution when loading a crafted GraphQL schema
Critical. CVE-2025-27407 was published for graphql (RubyGems), Mar 12, 2025.
Plenti - Code Injection - Denial of Services
Moderate. CVE-2025-26260 was published for github.com/plentico/plenti (Go), Feb 5, 2025.
Duplicate Advisory: Plenti - Code Injection - Denial of Services
Moderate. GHSA-323w-6p85-26fr was published for github.com/plentico/plenti (Go), Mar 12, 2025. Withdrawn.
Below has Incorrect Permission Assignment for Critical Resource
High. CVE-2025-27591 was published for below (Rust), Mar 11, 2025.
Undertow client not checking server identity presented by server certificate in https connections
Critical. CVE-2022-4492 was published for io.undertow:undertow-core (Maven), Feb 23, 2023.
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
High. CVE-2025-24813 was published for org.apache.tomcat:tomcat-catalina (Maven), Mar 10, 2025.
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
High. CVE-2025-25293 was published for ruby-saml (RubyGems), Mar 12, 2025.
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
High. CVE-2025-25291 was published for ruby-saml (RubyGems), Mar 12, 2025.
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
High. CVE-2025-25292 was published for ruby-saml (RubyGems), Mar 12, 2025.
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a...
Moderate, unreviewed. CVE-2025-26695 was published Mar 10, 2025.
An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a...
Moderate, unreviewed. CVE-2025-25774 was published Mar 12, 2025.
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions....
High, unreviewed. CVE-2025-24201 was published Mar 11, 2025.
An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of...
Moderate, unreviewed. CVE-2024-57492 was published Mar 10, 2025.
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify...
High, unreviewed. CVE-2025-25616 was published Mar 10, 2025.
An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML...
Moderate, unreviewed. CVE-2024-34398 was published Mar 12, 2025.
VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of...
Critical, unreviewed. CVE-2025-25940 was published Mar 10, 2025.
AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF...
Moderate, unreviewed. CVE-2025-25683 was published Mar 12, 2025.
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance...
Moderate, unreviewed. CVE-2025-25615 was published Mar 10, 2025.
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to...
Moderate, unreviewed. CVE-2023-0597 was published Feb 23, 2023.
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor...
Moderate, unreviewed. CVE-2024-31430 was published Apr 10, 2024.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, unreviewed. CVE-2024-32576 was published Apr 18, 2024.
Advisories are also available from the GraphQL API.