Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,744
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,953
NuGet
711
pip
3,731
Pub
12
RubyGems
920
Rust
969
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,728 advisories

Loading
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies High
CVE-2025-48947 was published for @auth0/nextjs-auth0 (npm) Jun 4, 2025
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
littledivy 0f-0b
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables Moderate
CVE-2025-48934 was published for deno (Rust) Jun 4, 2025
frankvd
Deno run with --allow-read and --deny-read flags results in allowed Moderate
CVE-2025-48888 was published for deno (Rust) Jun 4, 2025
nayeemrmn
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Moderate
CVE-2025-30360 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability High
CVE-2025-30167 was published for jupyter_core (pip) Jun 4, 2025
krassowski
Deno's AES GCM authentication tags are not verified High
CVE-2025-24015 was published for deno (Rust) Jun 4, 2025
canislupaster
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability Critical
CVE-2025-48951 was published for auth0/auth0-php (Composer) Jun 4, 2025
Gokapi vulnerable to stored XSS via uploading file with malicious file name Moderate
CVE-2025-48494 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
4rdr Forceu
Gokapi has stored XSS vulnerability in friendly name for API keys Moderate
CVE-2025-48495 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
Forceu
tar-fs can extract outside the specified dir with a specific tarball High
CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025
quic-go Has Panic in Path Probe Loss Recovery Handling High
CVE-2025-29785 was published for github.com/quic-go/quic-go (Go) Jun 3, 2025
django-helpdesk Allows Sensitive Data Exposure Moderate
CVE-2018-25111 was published for django-helpdesk (pip) May 31, 2025
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
Para Server Logs Sensitive Information Moderate
CVE-2025-48955 was published for com.erudika:para-server (Maven) May 30, 2025
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server Moderate
CVE-2025-48938 was published for github.com/cli/go-gh/v2 (Go) May 30, 2025
andyfeller BagToad
babakks matt- shilpakum vcsjones
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to clear Google OAuth credentials Moderate
CVE-2025-2571 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly invalidate personal access tokens upon user deactivation Moderate
CVE-2025-3230 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Apache Superset: Improper authorization bypass on row level security via SQL Injection High
CVE-2025-48912 was published for apache-superset (pip) May 30, 2025
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies High
CVE-2025-41235 was published for org.springframework.cloud:spring-cloud-gateway-server (Maven) May 30, 2025
Gradio Allows Unauthorized File Copy via Path Manipulation Moderate
CVE-2025-48889 was published for gradio (pip) May 29, 2025
jjjutla nkoorty
Navidrome Transcoding Permission Bypass Vulnerability Report High
CVE-2025-48948 was published for github.com/navidrome/navidrome (Go) May 29, 2025
lujiefsi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database