Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,329 advisories

Loading
Home Assistant does not correctly validate SSL for outgoing requests in core and used libs High
CVE-2025-25305 was published for homeassistant (pip) Feb 18, 2025
ReneNulschDE
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0 Moderate
CVE-2025-1057 was published for keylime (pip) Feb 14, 2025
ansasaki
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25289 was published for @octokit/request-error (npm) Feb 14, 2025
ShiyuBanzhou
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25288 was published for @octokit/plugin-paginate-rest (npm) Feb 14, 2025
ShiyuBanzhou MaikelvandenHurk-TomTom
Vega allows Cross-site Scripting via the vlSelectionTuples function Moderate
CVE-2025-25304 was published for vega (npm) Feb 14, 2025
FallingPineapples domoritz
Fyrox has unsound usages of `Vec::from_raw_parts` Low
GHSA-h7h7-6mx3-r89v was published for fyrox-core (Rust) Feb 14, 2025
Uncaught Panic in ORML Rewards Pallet High
GHSA-5v93-9mqw-p9mh was published for orml-rewards (Rust) Feb 14, 2025
`gh attestation verify` returns incorrect exit code during verification if no attestations are present Moderate
CVE-2025-25204 was published for github.com/cli/cli/v2 (Go) Feb 14, 2025
codysoyland phillmv
kommendorkapten jkylekelly
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint High
CVE-2025-25297 was published for label-studio (pip) Feb 14, 2025
xbow-security
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint Moderate
CVE-2025-25296 was published for label-studio (pip) Feb 14, 2025
xbow-security
Label Studio has a Path Traversal Vulnerability via image Field High
CVE-2025-25295 was published for label-studio-sdk (pip) Feb 14, 2025
xbow-security
Apache Ignite: Possible RCE when deserializing incoming messages by the server node Critical
CVE-2024-52577 was published for org.apache.ignite:ignite-core (Maven) Feb 14, 2025
DOMPurify allows Cross-site Scripting (XSS) Moderate
CVE-2025-26791 was published for dompurify (npm) Feb 14, 2025
Node Denial of Service via kubelet Checkpoint API Moderate
CVE-2025-0426 was published for k8s.io/kubernetes (Go) Feb 13, 2025
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC High
CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) Feb 13, 2025
jfleming-ic
Quarkus REST Endpoint Request Parameter Leakage Due to Shared Instance High
CVE-2025-1247 was published for io.quarkus:quarkus-rest (Maven) Feb 13, 2025
Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Moderate
CVE-2024-46910 was published for org.apache.atlas:apache-atlas (Maven) Feb 13, 2025
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Missing rate limit in MaysWind ezBookkeeping Moderate
CVE-2024-57603 was published for github.com/mayswind/ezbookkeeping (Go) Feb 13, 2025
Potential Denial-of-Service condition leading to temporary disability in IBC transfers to the native chain Moderate
GHSA-6fgm-x6ff-w78f was published for github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v7 (Go) Feb 12, 2025
ProTip! Advisories are also available from the GraphQL API