GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
22,675 advisories
Filter by severity
Information exposure in Next.js dev server due to lack of origin verification
Low
CVE-2025-48068
was published
for
next
(npm)
May 28, 2025
multicast in source builds from vulnerable setuptools dependency
Moderate
GHSA-94v7-wxj6-r2q5
was published
for
multicast
(pip)
May 28, 2025
vLLM Tool Schema allows DoS via Malformed pattern and type Fields
Moderate
GHSA-vrq3-r879-7m65
was published
for
vllm
(pip)
May 28, 2025
vLLM allows clients to crash the openai server with invalid regex
Moderate
GHSA-9hcf-v7m4-6m2j
was published
for
vllm
(pip)
May 28, 2025
vLLM DOS: Remotely kill vllm over http with invalid JSON schema
Moderate
GHSA-6qc9-v4r8-22xg
was published
for
vllm
(pip)
May 28, 2025
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
Moderate
CVE-2025-46722
was published
for
vllm
(pip)
May 28, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low
CVE-2025-46570
was published
for
vllm
(pip)
May 28, 2025
vLLM vulnerable to Regular Expression Denial of Service
Moderate
GHSA-j828-28rj-hfhp
was published
for
vllm
(pip)
May 28, 2025
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
Moderate
GHSA-w6q7-j642-7c25
was published
for
vllm
(pip)
May 28, 2025
Mautic has an Open Redirect vulnerability on user unlock path.
Moderate
CVE-2025-5256
was published
for
mautic/core
(Composer)
May 28, 2025
Mautic segment cloning doesn't have a proper permission check
Moderate
CVE-2024-47055
was published
for
mautic/core
(Composer)
May 28, 2025
Mautic allows user name enumeration due to response time difference on password reset form
Moderate
CVE-2024-47057
was published
for
mautic/core
(Composer)
May 28, 2025
Mautic does not shield .env files from web traffic
Moderate
CVE-2024-47056
was published
for
mautic/core
(Composer)
May 28, 2025
Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure
Moderate
CVE-2025-5257
was published
for
mautic/core
(Composer)
May 28, 2025
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection
High
GHSA-93m4-mfpg-c3xf
was published
for
github.com/zitadel/zitadel
(Go)
May 28, 2025
Argo CD allows cross-site scripting on repositories page
Critical
CVE-2025-47933
was published
for
github.com/argoproj/argo-cd
(Go)
May 28, 2025
Chrome PHP is missing encoding in `CssSelector`
Moderate
GHSA-3432-fmrf-7vmh
was published
for
chrome-php/chrome
(Composer)
May 28, 2025
Apache Commons Improper Access Control vulnerability
High
CVE-2025-48734
was published
for
commons-beanutils:commons-beanutils
(Maven)
May 28, 2025
Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
High
CVE-2025-5279
was published
for
redshift-connector
(pip)
May 28, 2025
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
Critical
GHSA-phf6-hm3h-x8qp
was published
for
broadinstitute/cromwell
(GitHub Actions)
May 28, 2025
Contrast workload secrets leak to logs on INFO level
High
GHSA-h5f8-crrq-4pw8
was published
for
github.com/edgelesssys/contrast
(Go)
May 28, 2025
Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users
High
GHSA-965r-9cg9-g42p
was published
for
com.ritense.valtimo:object-management
(Maven)
May 28, 2025
Traefik allows path traversal using url encoding
Low
CVE-2025-47952
was published
for
github.com/traefik/traefik
(Go)
May 28, 2025
Hackney fails to properly release HTTP connections to the pool
Low
CVE-2025-3864
was published
for
hackney
(Erlang)
May 28, 2025
LLama-Index CLI OS command injection vulnerability
High
CVE-2025-1753
was published
for
llama-index-cli
(pip)
May 28, 2025
ProTip!
Advisories are also available from the
GraphQL API