GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,638
Erlang: 34
GitHub Actions: 26
Go: 2,249
Maven: 5,000+
npm: 3,903
NuGet: 702
pip: 3,671
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
275,196 advisories
Harden-Runner allows evasion of 'disable-sudo' policy
Moderate | CVE-2025-32955 was published for step-security/harden-runner (GitHub Actions) | Apr 22, 2025
WSO2 Carbon directory traversal vulnerability
Moderate | CVE-2016-4314 was published for org.wso2.carbon.commons:org.wso2.carbon.logging.view.ui (Maven) | May 14, 2022
WSO2 Carbon vulnerable to Cross-site Scripting
Moderate | CVE-2016-4316 was published for org.wso2.carbon.commons:org.wso2.carbon.messageflows.ui (Maven) | May 14, 2022
A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic....
Moderate | Unreviewed | CVE-2025-3843 was published | Apr 22, 2025
A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0....
Moderate | Unreviewed | CVE-2025-3849 was published | Apr 22, 2025
A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical....
Moderate | Unreviewed | CVE-2025-3845 was published | Apr 22, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may...
Low | Unreviewed | CVE-2025-2987 was published | Apr 22, 2025
A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical....
Moderate | Unreviewed | CVE-2025-3846 was published | Apr 22, 2025
A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This...
Moderate | Unreviewed | CVE-2025-3847 was published | Apr 22, 2025
phpMyAdmin server-side request forgery (SSRF)
High | CVE-2016-6621 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022
Web2py Reflected XSS vulnerability
Moderate | CVE-2016-4807 was published for web2py (pip) | May 17, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
High | CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer) | Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
High | CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer) | Dec 14, 2022
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Moderate | CVE-2025-32963 was published for github.com/minio/operator (Go) | Apr 21, 2025
Smack allows the bypass of TLS protections
Moderate | CVE-2016-10027 was published for org.igniterealtime.smack:smack-core (Maven) | May 13, 2022
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
Low | GHSA-5w6v-399v-w3cc was published for nokogiri (RubyGems) | Apr 21, 2025
GoBGP does not verify that the input length
Moderate | CVE-2025-43973 was published for github.com/osrg/gobgp (Go) | Apr 21, 2025
GoBGP crashes in the flowspec parser
Moderate | CVE-2025-43972 was published for github.com/osrg/gobgp (Go) | Apr 21, 2025
GoBGP panics due to a zero value for softwareVersionLen
High | CVE-2025-43971 was published for github.com/osrg/gobgp (Go) | Apr 21, 2025
GoBGP does not properly check the input length
Moderate | CVE-2025-43970 was published for github.com/osrg/gobgp (Go) | Apr 21, 2025
one-api Cross-site Scripting vulnerability
Moderate | CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) | Apr 19, 2025
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
Moderate | CVE-2024-41447 was published for org.opencms:opencms-core (Maven) | Apr 18, 2025
An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via...
Moderate | Unreviewed | CVE-2025-29450 was published | Apr 17, 2025
An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via...
Moderate | Unreviewed | CVE-2025-29449 was published | Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API.