GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,966
NuGet
713
pip
3,759
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+
22,861 advisories
Filter by severity
Salt's salt.auth.pki module does not properly authenticate callers
Moderate
CVE-2024-38825
was published
for
salt
(pip)
Jun 13, 2025
Salt's on demand pillar functionality vulnerable to arbitrary command injections
Moderate
CVE-2025-22237
was published
for
salt
(pip)
Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation
Moderate
CVE-2025-22238
was published
for
salt
(pip)
Jun 13, 2025
Salt allows arbitrary directory creation or file deletion
Moderate
CVE-2025-22240
was published
for
salt
(pip)
Jun 13, 2025
Spring Framework vulnerable to a reflected file download (RFD)
Moderate
CVE-2025-41234
was published
for
org.springframework:spring-web
(Maven)
Jun 13, 2025
Vantage6 Server JWT secret not cryptographically secure
Low
CVE-2025-43866
was published
for
vantage6-server
(pip)
Jun 12, 2025
vantage6 lacks brute-force protection on change password functionality
Low
CVE-2025-43863
was published
for
vantage6
(pip)
Jun 12, 2025
XWiki allows SQL injection in query endpoint of REST API with Oracle
Critical
CVE-2024-56158
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 12, 2025
Citizen skin vulnerable to stored XSS through multiple system messages
Moderate
CVE-2025-49575
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 11, 2025
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2025-48448
was published
for
drupal/admin_audit_trail
(Composer)
Jun 11, 2025
Drupal Lightgallery Cross-site Scripting vulnerability
Moderate
CVE-2025-48447
was published
for
drupal/lightgallery
(Composer)
Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability
Moderate
CVE-2025-48013
was published
for
drupal/quick_node_block
(Composer)
Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability
Moderate
CVE-2025-48444
was published
for
drupal/quick_node_block
(Composer)
Jun 11, 2025
Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability
High
CVE-2025-48446
was published
for
drupal/commerce_alphabank_redirect
(Composer)
Jun 11, 2025
Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability
High
CVE-2025-48445
was published
for
drupal/commerce_eurobank_redirect
(Composer)
Jun 11, 2025
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
High
CVE-2025-4922
was published
for
github.com/hashicorp/nomad
(Go)
Jun 11, 2025
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
High
CVE-2025-30399
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jun 11, 2025
Regex literal in Hurl files are not escaped when exported to HTML, allowing injections
Moderate
GHSA-v33j-v3x4-42qg
was published
for
hurl
(Rust)
Jun 11, 2025
CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error
High
GHSA-79xg-q4qm-7v9w
was published
for
github.com/CosmWasm/wasmd
(Go)
Jun 11, 2025
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
High
CVE-2025-49146
was published
for
org.postgresql:postgresql
(Maven)
Jun 11, 2025
Mattermost allows authenticated administrator to execute LDAP search filter injection
Moderate
CVE-2025-4573
was published
for
github.com/mattermost/mattermost-server
(Go)
Jun 11, 2025
Mattermost allows guest users to view information about public teams they are not members of
Low
CVE-2025-4128
was published
for
github.com/mattermost/mattermost-server
(Go)
Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Low
GHSA-2x5j-vhc8-9cwm
was published
for
github.com/cloudflare/circl
(Go)
Jun 10, 2025
Nautobot may allows uploaded media files to be accessible without authentication
Moderate
CVE-2025-49143
was published
for
nautobot
(pip)
Jun 10, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
High
GHSA-68cf-j696-wvv9
was published
for
org.geoserver:gs-wfs
(Maven)
Jun 10, 2025
ProTip!
Advisories are also available from the
GraphQL API