GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,683
Erlang
34
GitHub Actions
26
Go
2,274
Maven
5,000+
npm
3,928
NuGet
706
pip
3,693
Pub
12
RubyGems
916
Rust
948
Swift
38
Unreviewed advisories
All unreviewed
5,000+
22,467 advisories
Filter by severity
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
Critical
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping
Critical
CVE-2025-46572
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
Redox UEFI Safe API can cause heap-buffer-overflow
Low
GHSA-58xc-hpvq-8473
was published
for
redox_uefi_std
(Rust)
May 6, 2025
HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
Moderate
CVE-2025-2901
was published
for
org.jboss.hal:hal-console
(Maven)
May 6, 2025
Liferay Portal Reflected XSS in marketplace-app-manager-web
Moderate
CVE-2025-4388
was published
for
com.liferay:com.liferay.marketplace.app.manager.web
(Maven)
May 6, 2025
ZITADEL Allows IdP Intent Token Reuse
High
CVE-2025-46815
was published
for
github.com/zitadel/zitadel
(Go)
May 6, 2025
goshs route not protected, allows command execution
Critical
CVE-2025-46816
was published
for
github.com/patrickhener/goshs
(Go)
May 6, 2025
tanton_engine has unsound public API
Moderate
GHSA-m2xr-2vj4-wh94
was published
for
tanton_engine
(Rust)
May 6, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response
Moderate
CVE-2025-46736
was published
for
Umbraco.Cms
(NuGet)
May 6, 2025
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`
Low
CVE-2025-46735
was published
for
github.com/nrkno/terraform-provider-windns
(Go)
May 6, 2025
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
High
CVE-2025-30165
was published
for
vllm
(pip)
May 6, 2025
Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata
High
CVE-2025-46762
was published
for
org.apache.parquet:parquet-avro
(Maven)
May 6, 2025
Inspektor Gadget Security Policies Can be Bypassed
Moderate
GHSA-pv22-fqcj-7xwh
was published
for
github.com/inspektor-gadget/inspektor-gadget
(Go)
May 6, 2025
BRCC Incorrect Access Control vulnerability
Critical
CVE-2025-45616
was published
for
com.baidu.mapp:brcc-core
(Maven)
May 5, 2025
Mezzanine CMS Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-29573
was published
for
Mezzanine
(pip)
May 5, 2025
Langroid Allows XXE Injection via XMLToolMessage
High
CVE-2025-46726
was published
for
langroid
(pip)
May 5, 2025
league/commonmark contains a XSS vulnerability in Attributes extension
Moderate
CVE-2025-46734
was published
for
league/commonmark
(Composer)
May 5, 2025
OpenVM allows the byte decomposition of pc in AUIPC chip to overflow
High
CVE-2025-46723
was published
for
openvm
(Rust)
May 5, 2025
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
High
CVE-2025-46731
was published
for
craftcms/cms
(Composer)
May 5, 2025
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Moderate
CVE-2025-46730
was published
for
mobsf
(pip)
May 5, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Low
CVE-2025-46720
was published
for
@keystone-6/core
(npm)
May 5, 2025
Linkerd resource exhaustion vulnerability
Moderate
CVE-2025-43915
was published
for
github.com/linkerd/linkerd2
(Go)
May 5, 2025
Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
Critical
CVE-2025-47241
was published
for
browser-use
(pip)
May 5, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
ProTip!
Advisories are also available from the
GraphQL API