Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,763 advisories

Loading
Mautic segment cloning doesn't have a proper permission check Moderate
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
abhisekmazumdar patrykgruszka
nick-vanpraet
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
Mautic does not shield .env files from web traffic Moderate
CVE-2024-47056 was published for mautic/core (Composer) May 28, 2025
r3ky lenonleite
nick-vanpraet patrykgruszka
Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure Moderate
CVE-2025-5257 was published for mautic/core (Composer) May 28, 2025
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection High
CVE-2025-48936 was published for github.com/zitadel/zitadel (Go) May 28, 2025
amit-laish livio-a
eliobischof
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
Apache Commons Improper Access Control vulnerability High
CVE-2025-48734 was published for commons-beanutils:commons-beanutils (Maven) May 28, 2025
Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin High
CVE-2025-5279 was published for redshift-connector (pip) May 28, 2025
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` Critical
GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025
darryk10 loresuso
AlbertoPellitteri
Contrast workload secrets leak to logs on INFO level High
GHSA-h5f8-crrq-4pw8 was published for github.com/edgelesssys/contrast (Go) May 28, 2025
burgerdev katexochen
thomasten
Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users High
CVE-2025-48881 was published for com.ritense.valtimo:object-management (Maven) May 28, 2025
Traefik allows path traversal using url encoding Low
CVE-2025-47952 was published for github.com/traefik/traefik (Go) May 28, 2025
antonjanrutten
Hackney fails to properly release HTTP connections to the pool Low
CVE-2025-3864 was published for hackney (Erlang) May 28, 2025
LLama-Index CLI OS command injection vulnerability High
CVE-2025-1753 was published for llama-index-cli (pip) May 28, 2025
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Moderate
CVE-2025-27526 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Moderate
CVE-2025-27528 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability during verification processing High
CVE-2025-27522 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Laravel Rest Api has a Search Validation Bypass Moderate
CVE-2025-48490 was published for lomkit/laravel-rest-api (Composer) May 27, 2025
edepauw
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking High
CVE-2025-48383 was published for django-select2 (pip) May 27, 2025
neartik ronanboiteau
Fess has Insecure Temporary File Permissions Low
CVE-2025-48382 was published for org.codelibs.fess:fess (Maven) May 27, 2025
simei2k yusuke-koyoshi
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
khoiminhvo32 derrickmehaffy
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Moderate
CVE-2025-48054 was published for radashi (npm) May 27, 2025
arkark aleclarson
ActiveMQ Artemis AMQ Broker Operator Starting Credentials Reuse Moderate
CVE-2025-4057 was published for github.com/arkmq-org/activemq-artemis-operator (Go) May 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database