Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,229
Maven
5,000+
npm
3,897
NuGet
701
pip
3,662
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,238 advisories

Loading
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role Low
GHSA-qc59-cxj2-c2w4 was published for aws-cdk-lib (npm) Apr 15, 2025
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext Low
CVE-2025-32021 was published for weblate (pip) Apr 15, 2025
joonashak nijel
gersona
Dpanel's hard-coded JWT secret leads to remote code execution Critical
CVE-2025-30206 was published for github.com/donknap/dpanel (Go) Apr 15, 2025
NS-Sp4ce
jquery-validation vulnerable to Cross-site Scripting Moderate
CVE-2025-3573 was published for jquery-validation (npm) Apr 15, 2025
ash_authentication has email link auto-click account confirmation vulnerability Moderate
GHSA-3988-q8q7-p787 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel jimsynz
maennchen barnabasJ sevenseacat
jsonschema2pojo has Improper Restriction of Operations within the Bounds of a Memory Buffer Moderate
CVE-2025-3588 was published for org.jsonschema2pojo:jsonschema2pojo-core (Maven) Apr 14, 2025
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params Moderate
CVE-2025-32388 was published for @sveltejs/kit (npm) Apr 14, 2025
kkarikos Rich-Harris
dominikg dummdidumm
DevDojo Voyager Argument Injection vulnerability Critical
CVE-2025-32931 was published for tcg/voyager (Composer) Apr 14, 2025
Pleezer resource exhaustion through uncollected hook script processes Moderate
CVE-2025-32439 was published for pleezer (Rust) Apr 14, 2025
MadMarcsen
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR Critical
CVE-2025-32445 was published for github.com/argoproj/argo-events (Go) Apr 14, 2025
thevilledev
Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm Moderate
CVE-2025-2475 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 14, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-2424 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 14, 2025
gorilla/csrf CSRF vulnerability due to broken Referer validation Moderate
CVE-2025-24358 was published for github.com/gorilla/csrf (Go) Apr 14, 2025
patrickod
Directus inserts access token from query string into logs Moderate
CVE-2024-47822 was published for @directus/api (npm) Apr 14, 2025
licitdev
Mattermost Fails to Restrict Certain Operations on System Admins Moderate
CVE-2025-32093 was published for github.com/mattermost/mattermost-server (Go) Apr 14, 2025
mholt/archiver Vulnerable to Path Traversal via Crafted ZIP File High
CVE-2025-3445 was published for github.com/mholt/archiver (Go) Apr 14, 2025
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows High
GHSA-f87w-3j5w-v58p was published for CefSharp.OffScreen (NuGet) Apr 12, 2025
TigerVNC accessible via the network and not just via a UNIX socket as intended Critical
CVE-2025-32428 was published for jupyter-remote-desktop-proxy (pip) Apr 12, 2025
frejanordsiek consideRatio
minrk
CVE-2025-1386- Query smuggling in ch-go library Moderate
CVE-2025-1386 was published for github.com/ClickHouse/ch-go (Go) Apr 12, 2025
golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange High
CVE-2025-22869 was published for golang.org/x/crypto (Go) Apr 12, 2025
Formie has XSS vulnerability for email notification content for preview Moderate
CVE-2025-32426 was published for verbb/formie (Composer) Apr 11, 2025
Formie has XSS vulnerability for importing forms Moderate
CVE-2025-32427 was published for verbb/formie (Composer) Apr 11, 2025
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) Moderate
GHSA-5q9x-554g-9jgg was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB CPU exhaustion via custom functions result in total DoS High
GHSA-pxw4-94j3-v9pf was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB no JavaScript script function default timeout could facilitate DoS Low
GHSA-3824-qmfq-2qv7 was published for surrealdb (Rust) Apr 11, 2025
cure53
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database