
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,952 advisories

Podman Improper Certificate Validation; machine missing TLS verification (High)
CVE-2025-6032 was published for github.com/containers/podman/v4 (Go) Jun 25, 2025
Luap99

RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment (Low)
CVE-2025-52884 was published for risc0-ethereum-contracts (Rust) Jun 25, 2025

Allure Report allows Improper XXE Restriction via DocumentBuilderFactory (High)
CVE-2025-52888 was published for io.qameta.allure.plugins:junit-xml-plugin (Maven) Jun 25, 2025
DerekHaber, baev

Umbraco CMS disclosure of configured password requirements (Moderate)
CVE-2025-49147 was published for Umbraco.Cms (NuGet) Jun 24, 2025

Gogs allows deletion of internal files which leads to remote command execution (Critical)
CVE-2024-56731 was published for gogs.io/gogs (Go) Jun 24, 2025
Ry0taK

pbkdf2 silently disregards Uint8Array input, returning static keys (Critical)
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR, ljharb

pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function (Low)
CVE-2025-6518 was published for pyspur (pip) Jun 23, 2025

LangChain Community SSRF vulnerability exists in RequestsToolkit component (High)
CVE-2025-2828 was published for langchain-community (pip) Jun 23, 2025

letmein connection limiter allows an arbitrary amount of simultaneous connections (Moderate)
CVE-2025-52570 was published for letmeind (Rust) Jun 23, 2025

Claude Code Improper Authorization via websocket connections from arbitrary origins (High)
GHSA-9f65-56v6-gxw7 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025

ChangeDetection.io XSS in watch overview (High)
CVE-2025-52558 was published for changedetection.io (pip) Jun 23, 2025
dgtlmoon

Quarkus potentially leaks data when duplicating a duplicated context (Moderate)
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi

kubernetes allows nodes to bypass dynamic resource allocation authorization checks (Low)
CVE-2025-4563 was published for k8s.io/kubernetes (Go) Jun 23, 2025

MLFlow SSRF via gateway_proxy_handler (Moderate)
CVE-2025-52967 was published for mlflow (pip) Jun 23, 2025

spytrap-adb Omission of Security-relevant Information (Low)
CVE-2025-52926 was published for spytrap-adb (Rust) Jun 23, 2025

rfc3161-client has insufficient verification for timestamp response signatures (Critical)
GHSA-6qhv-4h7r-2g9m was published for rfc3161-client (pip) Jun 20, 2025
jku, woodruffw

zkVM Underconstrained Vulnerability (Low)
CVE-2025-52484 was published for risc0-circuit-rv32im (Rust) Jun 20, 2025

Pingora has a Request Smuggling Vulnerability (High)
CVE-2025-4366 was published for pingora-core (Rust) Jun 20, 2025

chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes (Moderate)
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya

Mattermost allows an unauthorized Guest user access to Playbook (Moderate)
CVE-2025-3228 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025

Mattermost allows unauthorized channel member management through playbook runs (Moderate)
CVE-2025-3227 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025

DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input (High)
CVE-2025-52488 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
infosec-au

DNN.PLATFORM possibly allows bypass of IP Filters (High)
CVE-2025-52487 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
valadas, bdukes, mitchelsellers

DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed (Moderate)
CVE-2025-52485 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes, valadas