GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,214 advisories

Pleezer resource exhaustion through uncollected hook script processes Moderate
CVE-2025-32439 was published for pleezer (Rust) Apr 14, 2025
MadMarcsen
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params Moderate
CVE-2025-32388 was published for @sveltejs/kit (npm) Apr 14, 2025
kkarikos Rich-Harris
dominikg dummdidumm
ash_authentication has email link auto-click account confirmation vulnerability Moderate
CVE-2025-32782 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel jimsynz
maennchen barnabasJ sevenseacat
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups Moderate
CVE-2025-27789 was published for @babel/helpers (npm) Mar 11, 2025
mmmsssttt404 JLHwung
nicolo-ribaudo TiKevin83 davidfaj
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution Moderate
CVE-2022-31683 was published for github.com/concourse/concourse (Go) Oct 19, 2022
rickramgattie tdunlap607
Cross-site Scripting in MobileDetect Moderate
CVE-2018-25080 was published for mobiledetect/mobiledetectlib (Composer) Feb 4, 2023
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-2564 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025
Permission policy information leakage in Backstage permission system Moderate
CVE-2025-32791 was published for @backstage/plugin-permission-backend (npm) Apr 16, 2025
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
Cross site scripting via input unit widget Moderate
CVE-2023-36806 was published for contao/core-bundle (Composer) Jul 25, 2023
Cross site scripting in the system log Moderate
CVE-2021-35210 was published for contao/contao (Composer) Jul 1, 2021
PEAR HTTP_Request2 vulnerable to Cross-site Scripting Moderate
CVE-2025-43717 was published for pear/http_request2 (Composer) Apr 17, 2025
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
cnlh nps vulnerable to file overwrite by local user Moderate
CVE-2019-15119 was published for ehang.io/nps (Go) May 24, 2022
Liferay Cross-site Scripting vulnerability Moderate
CVE-2025-3760 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 17, 2025
Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack Moderate
GHSA-4v5x-9m47-cqr2 was published for org.wildfly:wildfly-elytron-oidc-client-subsystem (Maven) Dec 9, 2024 withdrawn
darranl
juzawebCMS Incorrect Access Control vulnerability Moderate
CVE-2023-46906 was published for juzaweb/cms (Composer) Jan 9, 2024
Cross Site Scripting vulnerability in Contribsys Sidekiq Moderate
CVE-2023-46950 was published for sidekiq-unique-jobs (RubyGems) Mar 1, 2024
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
OpenCMS cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41446 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41447 was published for org.opencms:opencms-core (Maven) Apr 18, 2025
Crawl4AI SSRF vulnerability Moderate
CVE-2025-28197 was published for Crawl4AI (pip) Apr 18, 2025
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
GoBGP does not properly check the input length Moderate
CVE-2025-43970 was published for github.com/osrg/gobgp (Go) Apr 21, 2025