GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
21,324 advisories
Filter by severity
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Moderate
CVE-2025-1057
was published
for
keylime
(pip)
Feb 14, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
Fyrox has unsound usages of `Vec::from_raw_parts`
Low
GHSA-h7h7-6mx3-r89v
was published
for
fyrox-core
(Rust)
Feb 14, 2025
Uncaught Panic in ORML Rewards Pallet
High
GHSA-5v93-9mqw-p9mh
was published
for
orml-rewards
(Rust)
Feb 14, 2025
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Moderate
CVE-2025-25204
was published
for
github.com/cli/cli/v2
(Go)
Feb 14, 2025
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
High
CVE-2025-25297
was published
for
label-studio
(pip)
Feb 14, 2025
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Moderate
CVE-2025-25296
was published
for
label-studio
(pip)
Feb 14, 2025
Label Studio has a Path Traversal Vulnerability via image Field
High
CVE-2025-25295
was published
for
label-studio-sdk
(pip)
Feb 14, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node
Critical
CVE-2024-52577
was published
for
org.apache.ignite:ignite-core
(Maven)
Feb 14, 2025
DOMPurify allows Cross-site Scripting (XSS)
Moderate
CVE-2025-26791
was published
for
dompurify
(npm)
Feb 14, 2025
Node Denial of Service via kubelet Checkpoint API
Moderate
CVE-2025-0426
was published
for
k8s.io/kubernetes
(Go)
Feb 13, 2025
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
High
CVE-2025-26511
was published
for
com.instaclustr:cassandra-lucene-index-plugin
(Maven)
Feb 13, 2025
Quarkus REST Endpoint Request Parameter Leakage Due to Shared Instance
High
CVE-2025-1247
was published
for
io.quarkus:quarkus-rest
(Maven)
Feb 13, 2025
Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
Moderate
CVE-2024-46910
was published
for
org.apache.atlas:apache-atlas
(Maven)
Feb 13, 2025
Remote code execution in alextselegidis/easyappointments
Moderate
CVE-2024-57601
was published
for
alextselegidis/easyappointments
(Composer)
Feb 13, 2025
Missing rate limit in MaysWind ezBookkeeping
Moderate
CVE-2024-57603
was published
for
github.com/mayswind/ezbookkeeping
(Go)
Feb 13, 2025
Potential Denial-of-Service condition leading to temporary disability in IBC transfers to the native chain
Moderate
GHSA-6fgm-x6ff-w78f
was published
for
github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v7
(Go)
Feb 12, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
Critical
GHSA-c2p2-hgjg-9r3f
was published
for
islandora/crayfish
(Composer)
Feb 12, 2025
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Critical
GHSA-vjh7-7g9h-fjfh
was published
for
elliptic
(npm)
Feb 12, 2025
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
High
CVE-2025-25283
was published
for
parse-duration
(npm)
Feb 12, 2025
Inefficient Regular Expression Complexity in koa
Critical
CVE-2025-25200
was published
for
koa
(npm)
Feb 12, 2025
ProTip!
Advisories are also available from the
GraphQL API