Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,537 advisories

Loading
tsup DOM Clobbering vulnerability Low
CVE-2024-53384 was published for tsup (npm) Mar 3, 2025
mavo DOM Clobbering vulnerability Moderate
CVE-2024-53388 was published for mavo (npm) Mar 3, 2025
Apache Ranger Improper Neutralization of Formula Elements vulnerability Low
CVE-2024-55532 was published for org.apache.ranger:security-admin-web (Maven) Mar 3, 2025
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-vr75-hjh9-7fr6 was published for picklescan (pip) Mar 3, 2025 withdrawn
Goroutine Leak in Abacus SSE Implementation High
CVE-2025-27421 was published for github.com/jasonlovesdoggo/abacus (Go) Mar 3, 2025
JasonLovesDoggo
Flask-AppBuilder Observable Response Discrepancy Low
CVE-2025-24023 was published for flask-appbuilder (pip) Mar 3, 2025
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
Stage.js DOM Clobbering vulnerabilty Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account Critical
CVE-2025-27590 was published for oxidized-web (RubyGems) Mar 3, 2025
Formwork improperly validates input of User role preventing site and panel availability High
GHSA-c85w-x26q-ch87 was published for getformwork/formwork (Composer) Mar 1, 2025
Kyokito1412
Formwork has a cross-site scripting (XSS) vulnerability in Site title Moderate
GHSA-vf6x-59hh-332f was published for getformwork/formwork (Composer) Mar 1, 2025
Kyokito1412
Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro High
CVE-2025-1686 was published for io.pebbletemplates:pebble (Maven) Feb 28, 2025
ntpd NTS client denial of service via wrongly sized cookies Moderate
GHSA-v83q-83hj-rw38 was published for ntpd (Rust) Feb 28, 2025
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-jg6f-48ff-5xrw was published for github.com/cosmos/ibc-go (Go) Feb 28, 2025
swelf19
Spotipy's cache file, containing spotify auth token, is created with overly broad permissions High
CVE-2025-27154 was published for spotipy (pip) Feb 28, 2025
alichtman
Memos Server-Side Request Forgery (SSRF) Moderate
CVE-2025-22952 was published for github.com/usememos/memos (Go) Feb 27, 2025
mongosh vulnerable to local privilege escalation High
CVE-2025-1756 was published for mongosh (npm) Feb 27, 2025
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login High
CVE-2025-23389 was published for github.com/rancher/rancher (Go) Feb 27, 2025
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API High
CVE-2025-23388 was published for github.com/rancher/rancher (Go) Feb 27, 2025
Rancher's SAML-based login via CLI can be denied by unauthenticated users Moderate
CVE-2025-23387 was published for github.com/rancher/rancher (Go) Feb 27, 2025
MongoDB Shell may be susceptible to control character Injection via shell output Low
CVE-2025-1693 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character injection via pasting Moderate
CVE-2025-1692 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to Control Character Injection via autocomplete High
CVE-2025-1691 was published for mongosh (npm) Feb 27, 2025
WSO2 incorrect authorization vulnerability Moderate
CVE-2024-2321 was published for org.wso2.am:am-parent (Maven) Feb 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database