GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,334
Maven
5,000+
npm
3,967
NuGet
713
pip
3,763
Pub
12
RubyGems
923
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+
22,876 advisories
Filter by severity
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint
High
CVE-2025-28382
was published
for
openc3-cosmos-tool-iframe
(RubyGems)
Jun 13, 2025
Ibexa RichText Field Type XSS vulnerabilities in back office
Moderate
GHSA-9qv6-4pwm-m68f
was published
for
ibexa/fieldtype-richtext
(Composer)
Jun 13, 2025
Ibexa Admin UI XSS vulnerabilities in back office
Moderate
GHSA-5r6x-g6jv-4v87
was published
for
ibexa/admin-ui
(Composer)
Jun 13, 2025
Ibexa Admin UI assets XSS vulnerabilities in back office
Moderate
GHSA-vhgq-r8gx-5fpv
was published
for
ibexa/admin-ui-assets
(Composer)
Jun 13, 2025
Ibexa eZ Platform Admin UI assets XSS vulnerabilities in back office
Moderate
GHSA-r5rx-53g9-25rj
was published
for
ezsystems/ezplatform-admin-ui-assets
(Composer)
Jun 13, 2025
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office
Moderate
GHSA-r7pm-mw8g-p7px
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in user registration date message
Moderate
CVE-2025-49578
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in menu heading message
Moderate
CVE-2025-49579
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
Moderate
CVE-2025-49577
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in search no result messages
Moderate
CVE-2025-49576
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 13, 2025
Salt vulnerable to directory traversal attack in file receiving method
Critical
CVE-2024-38824
was published
for
salt
(pip)
Jun 13, 2025
Salt's worker process vulnerable to denial of service through file read operation
Moderate
CVE-2025-22242
was published
for
salt
(pip)
Jun 13, 2025
Salt's file contents overwrite the VirtKey class
Moderate
CVE-2025-22241
was published
for
salt
(pip)
Jun 13, 2025
Salt has minion event bus authorization bypass vulnerability
High
CVE-2025-22236
was published
for
salt
(pip)
Jun 13, 2025
Salt vulnerable to arbitrary event injection
High
CVE-2025-22239
was published
for
salt
(pip)
Jun 13, 2025
Salt's salt.auth.pki module does not properly authenticate callers
Moderate
CVE-2024-38825
was published
for
salt
(pip)
Jun 13, 2025
Salt's on demand pillar functionality vulnerable to arbitrary command injections
Moderate
CVE-2025-22237
was published
for
salt
(pip)
Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation
Moderate
CVE-2025-22238
was published
for
salt
(pip)
Jun 13, 2025
Salt allows arbitrary directory creation or file deletion
Moderate
CVE-2025-22240
was published
for
salt
(pip)
Jun 13, 2025
Spring Framework vulnerable to a reflected file download (RFD)
Moderate
CVE-2025-41234
was published
for
org.springframework:spring-web
(Maven)
Jun 13, 2025
Vantage6 Server JWT secret not cryptographically secure
Low
CVE-2025-43866
was published
for
vantage6-server
(pip)
Jun 12, 2025
vantage6 lacks brute-force protection on change password functionality
Low
CVE-2025-43863
was published
for
vantage6
(pip)
Jun 12, 2025
XWiki allows SQL injection in query endpoint of REST API with Oracle
Critical
CVE-2024-56158
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 12, 2025
Citizen skin vulnerable to stored XSS through multiple system messages
Moderate
CVE-2025-49575
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 11, 2025
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2025-48448
was published
for
drupal/admin_audit_trail
(Composer)
Jun 11, 2025
ProTip!
Advisories are also available from the
GraphQL API