Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,312 advisories

Loading
Bugsink path traversal via event_id in ingestion High
CVE-2025-54433 was published for bugsink (pip) Jul 29, 2025
Moby firewalld reload removes bridge network isolation Low
CVE-2025-54410 was published for github.com/docker/docker (Go) Jul 29, 2025
Moby firewalld reload makes published container ports accessible from remote hosts Moderate
CVE-2025-54388 was published for github.com/docker/docker (Go) Jul 29, 2025
BentoML SSRF Vulnerability in File Upload Processing Critical
CVE-2025-54381 was published for bentoml (pip) Jul 29, 2025
geckosecurity jjjutla
nkoorty
Koa Open Redirect via Referrer Header (User-Controlled) Low
CVE-2025-8129 was published for koa (npm) Jul 29, 2025
NinjaGPT
Umbraco Delivery API allows for cached requests to be returned with an invalid API key Moderate
CVE-2025-54425 was published for Umbraco.Cms.Api.Delivery (NuGet) Jul 29, 2025
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs Moderate
CVE-2025-50738 was published for github.com/usememos/memos (Go) Jul 29, 2025
z-push/z-push-dev SQL Injection Vulnerability High
CVE-2025-8264 was published for z-push/z-push-dev (Composer) Jul 29, 2025
Netavark Has Possible DNS Resolve Confusion Low
CVE-2025-8283 was published for netavark (Rust) Jul 28, 2025
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata Moderate
CVE-2025-54423 was published for copyparty (pip) Jul 28, 2025
altperfect
webfinger.js Blind SSRF Vulnerability Moderate
GHSA-8xq3-w9fx-74rv was published for webfinger.js (npm) Jul 28, 2025
orihjfrog
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability Critical
CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025
vicevirus
Duplicate Advisory: buffered-reader vulnerable to out-of-bounds array access leading to panic Low
GHSA-q5h2-xq96-6gmc was published for buffered-reader (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic Low
GHSA-rfx3-ffrp-6875 was published for sequoia-openpgp (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack Moderate
GHSA-g693-v3jr-8hcr was published for ed25519-dalek (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read Moderate
GHSA-gw89-822v-8v8g was published for openssl (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: gix-transport code execution vulnerability Moderate
GHSA-5c5j-jmhx-q2gr was published for gix-transport (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: Remotely exploitable denial of service in Rosenpass Moderate
GHSA-624c-2h52-gf7f was published for rosenpass (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: Multiple issues involving quote API in shlex Low
GHSA-286m-6pg9-v42v was published for shlex (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: Unauthenticated Nonce Increment in snow Low
GHSA-97f8-h76h-f297 was published for snow (Rust) Jul 28, 2025 withdrawn
Duplicate Advisory: transpose: Buffer overflow due to integer overflow Moderate
GHSA-p444-p2rm-hvrw was published for transpose (Rust) Jul 27, 2025 withdrawn
Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing Low
GHSA-j87p-gjr6-m4pv was published for serde-json-wasm (Rust) Jul 27, 2025 withdrawn
Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp Low
GHSA-g97w-mw7g-v3jv was published for sequoia-openpgp (Rust) Jul 27, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API