Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,966
NuGet
713
pip
3,759
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,861 advisories

Loading
Salt's salt.auth.pki module does not properly authenticate callers Moderate
CVE-2024-38825 was published for salt (pip) Jun 13, 2025
Salt's on demand pillar functionality vulnerable to arbitrary command injections Moderate
CVE-2025-22237 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Spring Framework vulnerable to a reflected file download (RFD) Moderate
CVE-2025-41234 was published for org.springframework:spring-web (Maven) Jun 13, 2025
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
vantage6 lacks brute-force protection on change password functionality Low
CVE-2025-43863 was published for vantage6 (pip) Jun 12, 2025
XWiki allows SQL injection in query endpoint of REST API with Oracle Critical
CVE-2024-56158 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 12, 2025
Citizen skin vulnerable to stored XSS through multiple system messages Moderate
CVE-2025-49575 was published for starcitizentools/citizen-skin (Composer) Jun 11, 2025
SomeMWDev
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
Drupal Lightgallery Cross-site Scripting vulnerability Moderate
CVE-2025-48447 was published for drupal/lightgallery (Composer) Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48013 was published for drupal/quick_node_block (Composer) Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48444 was published for drupal/quick_node_block (Composer) Jun 11, 2025
Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability High
CVE-2025-48446 was published for drupal/commerce_alphabank_redirect (Composer) Jun 11, 2025
Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability High
CVE-2025-48445 was published for drupal/commerce_eurobank_redirect (Composer) Jun 11, 2025
Hashicorp Nomad Incorrect Privilege Assignment vulnerability High
CVE-2025-4922 was published for github.com/hashicorp/nomad (Go) Jun 11, 2025
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability High
CVE-2025-30399 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jun 11, 2025
Regex literal in Hurl files are not escaped when exported to HTML, allowing injections Moderate
GHSA-v33j-v3x4-42qg was published for hurl (Rust) Jun 11, 2025
CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error High
GHSA-79xg-q4qm-7v9w was published for github.com/CosmWasm/wasmd (Go) Jun 11, 2025
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration High
CVE-2025-49146 was published for org.postgresql:postgresql (Maven) Jun 11, 2025
jawj
Mattermost allows authenticated administrator to execute LDAP search filter injection Moderate
CVE-2025-4573 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
Mattermost allows guest users to view information about public teams they are not members of Low
CVE-2025-4128 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-2x5j-vhc8-9cwm was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Nautobot may allows uploaded media files to be accessible without authentication Moderate
CVE-2025-49143 was published for nautobot (pip) Jun 10, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx High
GHSA-68cf-j696-wvv9 was published for org.geoserver:gs-wfs (Maven) Jun 10, 2025
felixmaechtle nils-loose
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database