Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,763 advisories

Loading
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Moderate
CVE-2025-30360 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability High
CVE-2025-30167 was published for jupyter_core (pip) Jun 4, 2025
krassowski
Deno's AES GCM authentication tags are not verified High
CVE-2025-24015 was published for deno (Rust) Jun 4, 2025
canislupaster
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability Critical
CVE-2025-48951 was published for auth0/auth0-php (Composer) Jun 4, 2025
AngularJS Incomplete Filtering of Special Elements vulnerability Moderate
CVE-2025-2336 was published for angular-sanitize (npm) Jun 4, 2025
kro Confused Deputy vulnerability Moderate
CVE-2025-48710 was published for github.com/kro-run/kro (Go) Jun 4, 2025
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language Moderate
CVE-2025-35036 was published for org.hibernate.validator:hibernate-validator (Maven) Jun 3, 2025
Pekko Management may not properly apply authenticator when Basic Authentication enabled Moderate
CVE-2025-46548 was published for com.lightbend.akka.management:akka-management_2.12 (Maven) Jun 3, 2025
Erupt Unrestricted Upload of File with Dangerous Type vulnerability Moderate
CVE-2025-45855 was published for xyz.erupt:erupt (Maven) Jun 3, 2025
Gokapi vulnerable to stored XSS via uploading file with malicious file name Moderate
CVE-2025-48494 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
4rdr Forceu
Gokapi has stored XSS vulnerability in friendly name for API keys Moderate
CVE-2025-48495 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
Forceu
tar-fs can extract outside the specified dir with a specific tarball High
CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025
quic-go Has Panic in Path Probe Loss Recovery Handling High
CVE-2025-29785 was published for github.com/quic-go/quic-go (Go) Jun 3, 2025
WSO2 products vulnerable to Cross-site Scripting Moderate
CVE-2024-8008 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui (Maven) Jun 2, 2025
Grafana vulnerable to authenticated users bypassing dashboard, folder permissions High
CVE-2025-3260 was published for github.com/grafana/grafana (Go) Jun 2, 2025
Grafana's datasource proxy API allows authorization checks to be bypassed Moderate
CVE-2025-3454 was published for github.com/grafana/grafana (Go) Jun 2, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Critical
CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Malayke
django-helpdesk Allows Sensitive Data Exposure Moderate
CVE-2018-25111 was published for django-helpdesk (pip) May 31, 2025
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
Para Server Logs Sensitive Information Moderate
CVE-2025-48955 was published for com.erudika:para-server (Maven) May 30, 2025
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server Moderate
CVE-2025-48938 was published for github.com/cli/go-gh/v2 (Go) May 30, 2025
andyfeller BagToad
babakks matt- shilpakum vcsjones
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to clear Google OAuth credentials Moderate
CVE-2025-2571 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly invalidate personal access tokens upon user deactivation Moderate
CVE-2025-3230 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database