GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
22,339 advisories
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Critical
GHSA-2jh5-g5ch-43q5
was published
for
YoutubeDLSharp
(NuGet)
Apr 23, 2025
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
Moderate
GHSA-f2f7-gj54-6vpv
was published
for
llamafactory
(pip)
Apr 23, 2025
org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
Critical
CVE-2025-32969
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Apr 23, 2025
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
Moderate
CVE-2024-47829
was published
for
pnpm
(npm)
Apr 23, 2025
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
Critical
GHSA-ggpf-24jw-3fcw
was published
for
vllm
(pip)
Apr 23, 2025
Wazuh server vulnerable to remote code execution
Critical
CVE-2025-24016
was published
for
github.com/wazuh/wazuh
(Go)
Apr 22, 2025
io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage
Moderate
CVE-2025-32950
was published
for
io.jmix.localfs:jmix-localfs
(Maven)
Apr 22, 2025
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
Moderate
CVE-2025-32788
was published
for
octoprint
(pip)
Apr 22, 2025
Harden-Runner allows evasion of 'disable-sudo' policy
Moderate
CVE-2025-32955
was published
for
step-security/harden-runner
(GitHub Actions)
Apr 22, 2025
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Moderate
CVE-2025-32963
was published
for
github.com/minio/operator
(Go)
Apr 21, 2025
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters
Moderate
CVE-2025-32793
was published
for
github.com/cilium/cilium
(Go)
Apr 21, 2025
ProTip!
Advisories are also available from the
GraphQL API