GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
21,324 advisories
Filter by severity
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Moderate
CVE-2025-25296
was published
for
label-studio
(pip)
Feb 14, 2025
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
High
CVE-2025-25297
was published
for
label-studio
(pip)
Feb 14, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
Possible Log Injection in Rack::CommonLogger
Moderate
CVE-2025-25184
was published
for
rack
(RubyGems)
Feb 12, 2025
Withdrawn Advisory: Command injection in Ray
Critical
CVE-2024-57000
was published
for
ray
(pip)
Feb 12, 2025
•
withdrawn
Remote code execution in alextselegidis/easyappointments
Moderate
CVE-2024-57601
was published
for
alextselegidis/easyappointments
(Composer)
Feb 13, 2025
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Moderate
CVE-2025-25204
was published
for
github.com/cli/cli/v2
(Go)
Feb 14, 2025
Label Studio has a Path Traversal Vulnerability via image Field
High
CVE-2025-25295
was published
for
label-studio-sdk
(pip)
Feb 14, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node
Critical
CVE-2024-52577
was published
for
org.apache.ignite:ignite-core
(Maven)
Feb 14, 2025
angular vulnerable to regular expression denial of service via the angular.copy() utility
Moderate
CVE-2023-26116
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element
Moderate
CVE-2023-26118
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service
Moderate
CVE-2023-26117
was published
for
angular
(npm)
Mar 30, 2023
DOMPurify allows Cross-site Scripting (XSS)
Moderate
CVE-2025-26791
was published
for
dompurify
(npm)
Feb 14, 2025
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Moderate
CVE-2025-1057
was published
for
keylime
(pip)
Feb 14, 2025
Apache James MIME4J improper input validation vulnerability
Moderate
CVE-2024-21742
was published
for
org.apache.james:apache-mime4j-core
(Maven)
Feb 27, 2024
Fyrox has unsound usages of `Vec::from_raw_parts`
Low
GHSA-h7h7-6mx3-r89v
was published
for
fyrox-core
(Rust)
Feb 14, 2025
Uncaught Panic in ORML Rewards Pallet
High
GHSA-5v93-9mqw-p9mh
was published
for
orml-rewards
(Rust)
Feb 14, 2025
Denial of Service attack on windows app using Netty
Moderate
CVE-2025-25193
was published
for
io.netty:netty-common
(Maven)
Feb 10, 2025
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
High
CVE-2025-26511
was published
for
com.instaclustr:cassandra-lucene-index-plugin
(Maven)
Feb 13, 2025
Missing rate limit in MaysWind ezBookkeeping
Moderate
CVE-2024-57603
was published
for
github.com/mayswind/ezbookkeeping
(Go)
Feb 13, 2025
ProTip!
Advisories are also available from the
GraphQL API