GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,651
Erlang: 34
GitHub Actions: 26
Go: 2,253
Maven: 5,000+
npm: 3,906
NuGet: 703
pip: 3,677
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories:
All unreviewed: 5,000+

3,271 advisories
org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API (Critical). CVE-2025-32969 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) on Apr 23, 2025.
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 (Critical). GHSA-ggpf-24jw-3fcw was published for vllm (pip) on Apr 23, 2025.
Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 (Critical). CVE-2025-32965 was published for xrpl (npm) on Apr 22, 2025.
Wazuh server vulnerable to remote code execution (Critical). CVE-2025-24016 was published for github.com/wazuh/wazuh (Go) on Apr 22, 2025.
MCMS allows arbitrary file uploads in the ueditor component (Critical). CVE-2025-29287 was published for net.mingsoft:ms-mcms (Maven) on Apr 21, 2025.
Traefik affected by Go HTTP Request Smuggling Vulnerability (Critical). GHSA-5423-jcjm-2gpv was published for github.com/traefik/traefik/v2 (Go) on Apr 18, 2025.
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability (Critical). CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) on Apr 18, 2025.
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution (Critical). CVE-2025-32434 was published for torch (pip) on Apr 18, 2025.
NATS Server may fail to authorize certain Jetstream admin APIs (Critical). CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) on Apr 15, 2025.
Dpanel's hard-coded JWT secret leads to remote code execution (Critical). CVE-2025-30206 was published for github.com/donknap/dpanel (Go) on Apr 15, 2025.
DevDojo Voyager Argument Injection vulnerability (Critical). CVE-2025-32931 was published for tcg/voyager (Composer) on Apr 14, 2025.
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR (Critical). CVE-2025-32445 was published for github.com/argoproj/argo-events (Go) on Apr 14, 2025.
TigerVNC accessible via the network and not just via a UNIX socket as intended (Critical). CVE-2025-32428 was published for jupyter-remote-desktop-proxy (pip) on Apr 12, 2025.
SurrealDB server-takeover via SurrealQL injection on backup import (Critical). GHSA-ccj3-5p93-8p42 was published for surrealdb (Rust) on Apr 11, 2025.
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key (Critical). CVE-2024-58136 was published for yiisoft/yii2 (Composer) on Apr 10, 2025.
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization (Critical). CVE-2025-32375 was published for bentoml (pip) on Apr 9, 2025.
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback (Critical). CVE-2025-32013 was published for lnbits (pip) on Apr 7, 2025.
Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint (Critical). CVE-2025-3248 was published for langflow (pip) on Apr 7, 2025.
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization (Critical). CVE-2025-27520 was published for bentoml (pip) on Apr 4, 2025.
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering (Critical). CVE-2025-2946 was published for pgadmin4 (pip) on Apr 3, 2025.
pgAdmin 4 Vulnerable to Remote Code Execution (Critical). CVE-2025-2945 was published for pgadmin4 (pip) on Apr 3, 2025.
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell` (Critical). CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) on Apr 2, 2025.
Rancher: Restricted Administrator can change Administrator's passwords (Critical). CVE-2025-23391 was published for github.com/rancher/rancher (Go) on Apr 1, 2025.
Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution (Critical). CVE-2025-30065 was published for org.apache.parquet:parquet-avro (Maven) on Apr 1, 2025.
Apache Pinot Vulnerable to Authentication Bypass (Critical). CVE-2024-56325 was published for org.apache.pinot:pinot (Maven) on Apr 1, 2025.
Advisories are also available from the GraphQL API.