Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,426 advisories

Loading
ExecuTorch out-of-bounds access vulnerability Critical
CVE-2025-54950 was published for executorch (pip) Aug 8, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
ptrgits giteku
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
mrcnpp dregad
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
num2words subjected to phishing attack, two versions published containing malware Critical
GHSA-jxr6-qrxx-2ph2 was published for num2words (pip) Jul 31, 2025
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion Critical
CVE-2025-54576 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
jennifer-recurity
BentoML SSRF Vulnerability in File Upload Processing Critical
CVE-2025-54381 was published for bentoml (pip) Jul 29, 2025
geckosecurity jjjutla
nkoorty
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability Critical
CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025
vicevirus
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
tj-actions/branch-names has a Command Injection Vulnerability Critical
CVE-2025-54416 was published for tj-actions/branch-names (GitHub Actions) Jul 25, 2025
tutasla
Node-SAML SAML Authentication Bypass Critical
CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025
ahacker1-securesaml cjbarth
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter Critical
CVE-2025-32429 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jul 24, 2025
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access Critical
CVE-2025-54127 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Nokogiri patches vendored libxml2 to resolve multiple CVEs Critical
GHSA-353f-x4gh-cqq8 was published for nokogiri (RubyGems) Jul 21, 2025
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
vintagesucks
form-data uses unsafe random function in form-data for choosing boundary Critical
CVE-2025-7783 was published for form-data (npm) Jul 21, 2025
benweissmann ljharb
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
remsio-syn worty-syn
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database