GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
22,828 advisories
Erxes Path Traversal vulnerability
Severity: Moderate. CVE-2024-57189 was published for erxes (npm) on Jun 10, 2025.

Erxes Incorrect Access Control vulnerability
Severity: High. CVE-2024-57190 was published for erxes (npm) on Jun 10, 2025.

Coverage REST API Server Side Request Forgery
Severity: Moderate. CVE-2024-40625 was published for org.geoserver.web:gs-web-app (Maven) on Jun 10, 2025.

GWC Home Page communicate version and revision information
Severity: Moderate. CVE-2024-38524 was published for org.geoserver.web:gs-web-app (Maven) on Jun 10, 2025.

GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Severity: Critical. CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) on Jun 10, 2025.

GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
Severity: High. CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) on Jun 10, 2025.

Apache Kafka Deserialization of Untrusted Data vulnerability
Severity: High. CVE-2025-27818 was published for org.apache.kafka:kafka (Maven) on Jun 10, 2025.

Apache Kafka Deserialization of Untrusted Data vulnerability
Severity: High. CVE-2025-27819 was published for org.apache.kafka:kafka (Maven) on Jun 10, 2025.

Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability
Severity: Moderate. CVE-2025-27817 was published for org.apache.kafka:kafka-clients (Maven) on Jun 10, 2025.

GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling
Severity: Critical. GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) on Jun 9, 2025.

taro-css-to-react-native Regular Expression Denial of Service vulnerability
Severity: Moderate. CVE-2025-5896 was published for taro-css-to-react-native (npm) on Jun 9, 2025.

@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
Severity: Moderate. CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) on Jun 9, 2025.

brace-expansion Regular Expression Denial of Service vulnerability
Severity: Low. CVE-2025-5889 was published for brace-expansion (npm) on Jun 9, 2025.

pm2 Regular Expression Denial of Service vulnerability
Severity: Low. CVE-2025-5891 was published for pm2 (npm) on Jun 9, 2025.

HaxCMS-PHP Command Injection Vulnerability
Severity: High. CVE-2025-49141 was published for @haxtheweb/haxcms-nodejs (npm) on Jun 9, 2025.

Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)
Severity: High. CVE-2025-49140 was published for github.com/pion/interceptor (Go) on Jun 9, 2025.

@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Severity: Moderate. CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) on Jun 9, 2025.

Requests vulnerable to .netrc credentials leak via malicious URLs
Severity: Moderate. CVE-2024-47081 was published for requests (pip) on Jun 9, 2025.

Backend.AI Missing Authorization vulnerability
Severity: High. CVE-2025-49651 was published for backend.ai (pip) on Jun 9, 2025.

BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Severity: High. CVE-2025-49653 was published for backend.ai (pip) on Jun 9, 2025.

BackendAI Missing Authentication for Critical Function
Severity: Critical. CVE-2025-49652 was published for backend.ai (pip) on Jun 9, 2025.

HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
Severity: Moderate. CVE-2025-49138 was published for elmsln/haxcms (Composer) on Jun 9, 2025.

Hax CMS Stored Cross-Site Scripting vulnerability
Severity: High. CVE-2025-49137 was published for elmsln/haxcms (Composer) on Jun 9, 2025.

Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Severity: Moderate. CVE-2025-49130 was published for barryvdh/laravel-translation-manager (Composer) on Jun 9, 2025.