Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,651
Erlang
34
GitHub Actions
26
Go
2,253
Maven
5,000+
npm
3,906
NuGet
703
pip
3,677
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,797 advisories

Loading
uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries Moderate
GHSA-pmc3-p9hx-jq96 was published for github.com/refraction-networking/utls (Go) Apr 23, 2025
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting Moderate
CVE-2024-47829 was published for pnpm (npm) Apr 23, 2025
kexinoh
Laravel Starter Cross Site Scripting (XSS) Moderate
CVE-2025-26159 was published for nasirkhan/laravel-starter (Composer) Apr 22, 2025
XSS in the /download Endpoint of the JPA Web API Moderate
CVE-2025-32961 was published for com.haulmont.addon.jpawebapi:jpawebapi-jpawebapi (Maven) Apr 22, 2025
XSS in the /files Endpoint of the Generic REST API Moderate
CVE-2025-32960 was published for com.haulmont.addon.restapi:restapi-rest-api (Maven) Apr 22, 2025
Cuba has a DoS in the File Storage Moderate
CVE-2025-32959 was published for com.haulmont.cuba:cuba-core (Maven) Apr 22, 2025
io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage Moderate
CVE-2025-32952 was published for io.jmix.localfs:jmix-localfs (Maven) Apr 22, 2025
io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API Moderate
CVE-2025-32951 was published for io.jmix.rest:jmix-rest (Maven) Apr 22, 2025
io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage Moderate
CVE-2025-32950 was published for io.jmix.localfs:jmix-localfs (Maven) Apr 22, 2025
shadowsock5
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass Moderate
CVE-2025-32788 was published for octoprint (pip) Apr 22, 2025
jacopotediosi
Harden-Runner allows evasion of 'disable-sudo' policy Moderate
CVE-2025-32955 was published for step-security/harden-runner (GitHub Actions) Apr 22, 2025
loresuso darryk10
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS Moderate
CVE-2025-32963 was published for github.com/minio/operator (Go) Apr 21, 2025
bburky pjuarezd
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters Moderate
CVE-2025-32793 was published for github.com/cilium/cilium (Go) Apr 21, 2025
julianwiedmann
OpenCMS cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41446 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
croogo Host header injection Moderate
CVE-2024-29643 was published for croogo/croogo (Composer) Apr 21, 2025
GoBGP does not verify that the input length Moderate
CVE-2025-43973 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
GoBGP crashes in the flowspec parser Moderate
CVE-2025-43972 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
GoBGP does not properly check the input length Moderate
CVE-2025-43970 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
Crawl4AI SSRF vulnerability Moderate
CVE-2025-28197 was published for Crawl4AI (pip) Apr 18, 2025
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41447 was published for org.opencms:opencms-core (Maven) Apr 18, 2025
Rasa Pro Missing Authentication For Voice Connector APIs Moderate
CVE-2025-32377 was published for rasa-pro (pip) Apr 17, 2025
Liferay Cross-site Scripting vulnerability Moderate
CVE-2025-3760 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 17, 2025
PEAR HTTP_Request2 vulnerable to Cross-site Scripting Moderate
CVE-2025-43717 was published for pear/http_request2 (Composer) Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database