Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,828 advisories

Loading
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability High
CVE-2024-57186 was published for erxes (npm) Jun 10, 2025
Erxes Incorrect Access Control vulnerability High
CVE-2024-57190 was published for erxes (npm) Jun 10, 2025
Coverage REST API Server Side Request Forgery Moderate
CVE-2024-40625 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
trganda jodygarnett
GWC Home Page communicate version and revision information Moderate
CVE-2024-38524 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost High
CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) Jun 10, 2025
thomsmith felixmaechtle
davidblasby nils-loose jodygarnett aaime
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27819 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability Moderate
CVE-2025-27817 was published for org.apache.kafka:kafka-clients (Maven) Jun 10, 2025
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling Critical
GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) Jun 9, 2025
aaime jodygarnett
taro-css-to-react-native Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
brace-expansion Regular Expression Denial of Service vulnerability Low
CVE-2025-5889 was published for brace-expansion (npm) Jun 9, 2025
turi4200 carboneater
viceice
pm2 Regular Expression Denial of Service vulnerability Low
CVE-2025-5891 was published for pm2 (npm) Jun 9, 2025
HaxCMS-PHP Command Injection Vulnerability High
CVE-2025-49141 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
userRPR
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) High
CVE-2025-49140 was published for github.com/pion/interceptor (Go) Jun 9, 2025
JoeTurki kmansoft
3DRX
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability Moderate
CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
lfgberg odransfield
Requests vulnerable to .netrc credentials leak via malicious URLs Moderate
CVE-2024-47081 was published for requests (pip) Jun 9, 2025
sethmlarson jupenur
nateprewitt sigmavirus24
Backend.AI Missing Authorization vulnerability High
CVE-2025-49651 was published for backend.ai (pip) Jun 9, 2025
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2025-49653 was published for backend.ai (pip) Jun 9, 2025
BackendAI Missing Authentication for Critical Function Critical
CVE-2025-49652 was published for backend.ai (pip) Jun 9, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
Laravel Translation Manager Vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-49130 was published for barryvdh/laravel-translation-manager (Composer) Jun 9, 2025
ProTip! Advisories are also available from the GraphQL API