Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,259 advisories

Loading
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
xml2rfc has file inclusion irregularities Moderate
GHSA-432c-wxpg-m4q3 was published for xml2rfc (pip) Feb 7, 2025
SFTPGo has insufficient sanitization of user provided rsync command High
CVE-2025-24366 was published for github.com/drakkan/sftpgo (Go) Feb 7, 2025
ateamjkr
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
GHSA-rm76-4mrf-v9r8 was published for vllm (pip) Feb 6, 2025
kexinoh
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion High
CVE-2025-24787 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee modelorona
hkdeman
WhoDB has a path traversal opening Sqlite3 database Critical
CVE-2025-24786 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee modelorona
hkdeman
Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts Moderate
CVE-2024-57610 was published for sylius/sylius (Composer) Feb 6, 2025 withdrawn
GSadee
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc Critical
CVE-2025-24981 was published for @nuxtjs/mdc (npm) Feb 6, 2025
lirantal
Multiple rtmpdump vulnerabilities Critical
GHSA-vrpv-vw92-328g was published for rudloff/rtmpdump-bin (Composer) Feb 6, 2025
Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
gronke mhils
Apache James vulnerable to denial of service through JMAP HTML to text conversion Moderate
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
utils-extend Prototype Pollution Critical
CVE-2024-57077 was published for utils-extend (npm) Feb 6, 2025
@zag-js/core prototype pollution High
CVE-2024-57079 was published for @zag-js/core (npm) Feb 6, 2025
@rpldy/uploader prototype pollution High
CVE-2024-57082 was published for @rpldy/uploader (npm) Feb 6, 2025
vxe-table prototype pollution High
CVE-2024-57080 was published for vxe-table (npm) Feb 6, 2025
Netplex Json-smart Uncontrolled Recursion vulnerability High
CVE-2024-57699 was published for net.minidev:json-smart (Maven) Feb 6, 2025
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
RDIL
@ndhoule/defaults prototype pollution High
CVE-2024-57066 was published for @ndhoule/defaults (npm) Feb 6, 2025
@tanstack/form-core prototype pollution High
CVE-2024-57068 was published for @tanstack/form-core (npm) Feb 6, 2025
module-from-string prototype pollution High
CVE-2024-57072 was published for module-from-string (npm) Feb 6, 2025
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting) Critical
GHSA-9x4v-xfq5-m8x5 was published for better-auth (npm) Feb 5, 2025
Eriner
Plenti - Code Injection - Denial of Services Moderate
GHSA-mj4v-hp69-27x5 was published for github.com/plentico/plenti (Go) Feb 5, 2025
ahmetak4n
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database