Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

284 advisories

Loading
Apache Tomcat Rewrite rule bypass Low
CVE-2025-31651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 28, 2025
amita-seal taxone
Credited to amita-seal and taxone
org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type Critical
CVE-2025-32974 was published for org.xwiki.platform:xwiki-platform-security-requiredrights-default (Maven) Apr 29, 2025
YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution High
CVE-2025-46347 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Credited to pizza-power
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker... Moderate Unreviewed
CVE-2025-4084 was published Apr 29, 2025
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows... High Unreviewed
CVE-2025-24338 was published Apr 30, 2025
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass... Critical Unreviewed
CVE-2024-56524 was published May 12, 2025
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow Low
CVE-2025-47280 was published for Umbraco.Forms (NuGet) May 13, 2025
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific... High Unreviewed
CVE-2025-1308 was published May 20, 2025
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. High Unreviewed
CVE-2021-25254 was published May 21, 2025
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN... Moderate Unreviewed
CVE-2021-25262 was published May 21, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection... Moderate Unreviewed
CVE-2025-5271 was published May 27, 2025
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due... Moderate Unreviewed
CVE-2025-25029 was published May 28, 2025
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed
CVE-2025-6429 was published Jun 26, 2025
Duplicate Advisory: Multiple issues involving quote API in shlex Low
GHSA-286m-6pg9-v42v was published for shlex (Rust) Jul 28, 2025 withdrawn
In multiple locations, there is a possible way to access content across user profiles due to URI... Moderate Unreviewed
CVE-2025-0083 was published Aug 27, 2025
Element Plus Link component (el-link) implements insufficient input validation for the href attribute Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
EwenDC
Credited to EwenDC
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-57880 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-48007 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-46703 was published Sep 19, 2025
get-jwks: poisoned JWKS cache allows post-fetch issuer validation bypass Critical
CVE-2025-59936 was published for get-jwks (npm) Sep 26, 2025
epureionut99
Credited to epureionut99
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-0607 was published Oct 6, 2025
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec
Credited to odaysec
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize... High Unreviewed
CVE-2025-55903 was published Oct 10, 2025
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination Moderate
CVE-2025-61912 was published for python-ldap (pip) Oct 10, 2025
aradona91
Credited to aradona91
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database