Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,470
Erlang
33
GitHub Actions
24
Go
2,172
Maven
5,000+
npm
3,834
NuGet
696
pip
3,511
Pub
12
RubyGems
910
Rust
908
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,206 advisories

Loading
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
JosephTLucas
Easy!Appointments Improper Restriction of Excessive Authentication Attempts Critical
CVE-2024-57602 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment Critical
CVE-2025-2304 was published for camaleon_cms (RubyGems) Mar 14, 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Critical
CVE-2025-24813 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 10, 2025
westonsteimel
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
aaime
Incorrect Authorization in Apache Solr Critical
CVE-2020-13957 was published for org.apache.solr:solr-core (Maven) Feb 10, 2022
kurt-r2c jfposton
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
CVE-2025-2000 was published for qiskit (pip) Mar 14, 2025
Gin mishandles a wildcard at the end of an origin string Critical
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-33cr-m232-xqch was published for github.com/cheqd/cheqd-node (Go) Mar 11, 2025
swelf19
Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
GHSA-3pwp-2fqj-6g2p was published for qiskit (pip) Mar 14, 2025 withdrawn
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
Jenkins allows Execution of Code by Opening a JRMP Listener Critical
CVE-2016-0788 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002) Critical
GHSA-h2rp-8vpx-q9r4 was published for github.com/cheqd/cheqd-node (Go) Mar 13, 2025
gjermundgaraba
Undertow client not checking server identity presented by server certificate in https connections Critical
CVE-2022-4492 was published for io.undertow:undertow-core (Maven) Feb 23, 2023
fawind
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue Critical
GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025
IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Critical
GHSA-4wf3-5qj9-368v was published for github.com/cosmos/ibc-go (Go) Mar 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database