Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,846
Erlang
36
GitHub Actions
33
Go
2,467
Maven
5,000+
npm
4,090
NuGet
733
pip
3,907
Pub
12
RubyGems
944
Rust
1,011
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,662 advisories

Loading
Kubernetes Nodes can delete themselves by adding an OwnerReference Moderate
CVE-2025-5187 was published for k8s.io/kubernetes (Go) Aug 27, 2025
NodeBB SQL Injection vulnerability High
CVE-2025-50979 was published for nodebb (npm) Aug 27, 2025
simple-admin-core SQL Injection vulnerability High
CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) Aug 27, 2025
Google Sign-In for Rails allowed redirects to malformed URLs Moderate
CVE-2025-57821 was published for google_sign_in (RubyGems) Aug 27, 2025
Muntrive
Malicious versions of Nx were published Critical
GHSA-cxm3-wv7p-598c was published for @nx/devkit (npm) Aug 27, 2025
jahredhope tadhglewis
hckhanh TimShilov
The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability Critical
CVE-2025-52122 was published for solspace/craft-freeform (Composer) Aug 27, 2025
devalue prototype pollution vulnerability High
CVE-2025-57820 was published for devalue (npm) Aug 26, 2025
apyatko Rich-Harris
dominikg
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start Moderate
GHSA-q77w-mwjj-7mqx was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python cProfile.run Moderate
GHSA-49gj-c84q-6qm9 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python cProfile.runctx Moderate
GHSA-9w88-8rmg-7g2p was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python doctest.debug_script Moderate
GHSA-fqq6-7vqf-w3fg was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode Moderate
GHSA-3gf5-cxq9-w223 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand Moderate
GHSA-j343-8v2j-ff7w was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode Moderate
GHSA-m869-42cg-3xwr was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label Moderate
GHSA-p9w7-82w4-7q8m was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan is missing detection when calling built-in python ensurepip._run_pip Moderate
GHSA-xp4f-hrf8-rxw7 was published for picklescan (pip) Aug 26, 2025
FredericDT
Badaso CMS file upload vulnerability High
CVE-2025-52353 was published for badaso/core (Composer) Aug 26, 2025
Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof Moderate
GHSA-4whj-rm5r-c2v8 was published for picklescan (pip) Aug 26, 2025
FredericDT
GraphQL Armor Max-Depth Plugin Bypass via fragment caching Moderate
GHSA-224p-v68g-5g8f was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-hmfr-rx46-4jx2 was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
M0ngi
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity Moderate
GHSA-9xph-j2h6-g47v was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip Moderate
GHSA-8r4j-24qv-fmq9 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter Moderate
GHSA-cj3c-v495-4xqh was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions Moderate
GHSA-7cq8-mj8x-j263 was published for picklescan (pip) Aug 26, 2025
FredericDT
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity Moderate
GHSA-6w4w-5w54-rjvr was published for picklescan (pip) Aug 26, 2025
FredericDT
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database