GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,777
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,750
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+
22,840 advisories
Filter by severity
brace-expansion Regular Expression Denial of Service vulnerability
Low
CVE-2025-5889
was published
for
brace-expansion
(npm)
Jun 9, 2025
pm2 Regular Expression Denial of Service vulnerability
Low
CVE-2025-5891
was published
for
pm2
(npm)
Jun 9, 2025
HaxCMS-PHP Command Injection Vulnerability
High
CVE-2025-49141
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jun 9, 2025
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)
High
CVE-2025-49140
was published
for
github.com/pion/interceptor
(Go)
Jun 9, 2025
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Moderate
CVE-2025-49139
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jun 9, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs
Moderate
CVE-2024-47081
was published
for
requests
(pip)
Jun 9, 2025
Backend.AI Missing Authorization vulnerability
High
CVE-2025-49651
was published
for
backend.ai
(pip)
Jun 9, 2025
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2025-49653
was published
for
backend.ai
(pip)
Jun 9, 2025
BackendAI Missing Authentication for Critical Function
Critical
CVE-2025-49652
was published
for
backend.ai
(pip)
Jun 9, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
Moderate
CVE-2025-49138
was published
for
elmsln/haxcms
(Composer)
Jun 9, 2025
Hax CMS Stored Cross-Site Scripting vulnerability
High
CVE-2025-49137
was published
for
elmsln/haxcms
(Composer)
Jun 9, 2025
Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-49130
was published
for
barryvdh/laravel-translation-manager
(Composer)
Jun 9, 2025
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Critical
CVE-2025-49136
was published
for
github.com/knadh/listmonk
(Go)
Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2025-25208
was published
for
github.com/kuadrant/authorino
(Go)
Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2025-25207
was published
for
github.com/kuadrant/authorino
(Go)
Jun 9, 2025
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
Moderate
CVE-2025-49128
was published
for
com.fasterxml.jackson.core:jackson-core
(Maven)
Jun 7, 2025
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Low
CVE-2025-49011
was published
for
github.com/authzed/spicedb
(Go)
Jun 6, 2025
CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
High
CVE-2025-47950
was published
for
github.com/coredns/coredns
(Go)
Jun 6, 2025
Para Inserts Sensitive Information into Log File for Facebook authentication
Moderate
CVE-2025-49009
was published
for
com.erudika:para-server
(Maven)
Jun 6, 2025
Duplicate Advisory: users may append `root` to group listings
High
GHSA-jq8x-v7jw-v675
was published
for
users
(Rust)
Jun 6, 2025
•
withdrawn
Jenkins Gatling Plugin Vulnerable to Cross-Site Scripting (XSS)
High
CVE-2025-5806
was published
for
org.jenkins-ci.plugins:gatling
(Maven)
Jun 6, 2025
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2025-27531
was published
for
org.apache.inlong:inlong-manager
(Maven)
Jun 6, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability
Critical
GHSA-c42h-56wx-h85q
was published
for
auth0/login
(Composer)
Jun 6, 2025
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability
Critical
GHSA-98j6-67v3-mw34
was published
for
auth0/symfony
(Composer)
Jun 6, 2025
ProTip!
Advisories are also available from the
GraphQL API