GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,814
Erlang
36
GitHub Actions
32
Go
2,399
Maven
5,000+
npm
4,040
NuGet
722
pip
3,829
Pub
12
RubyGems
932
Rust
1,002
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,312 advisories
Filter by severity
Bugsink path traversal via event_id in ingestion
High
CVE-2025-54433
was published
for
bugsink
(pip)
Jul 29, 2025
Moby firewalld reload removes bridge network isolation
Low
CVE-2025-54410
was published
for
github.com/docker/docker
(Go)
Jul 29, 2025
Moby firewalld reload makes published container ports accessible from remote hosts
Moderate
CVE-2025-54388
was published
for
github.com/docker/docker
(Go)
Jul 29, 2025
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
Koa Open Redirect via Referrer Header (User-Controlled)
Low
CVE-2025-8129
was published
for
koa
(npm)
Jul 29, 2025
Umbraco Delivery API allows for cached requests to be returned with an invalid API key
Moderate
CVE-2025-54425
was published
for
Umbraco.Cms.Api.Delivery
(NuGet)
Jul 29, 2025
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs
Moderate
CVE-2025-50738
was published
for
github.com/usememos/memos
(Go)
Jul 29, 2025
z-push/z-push-dev SQL Injection Vulnerability
High
CVE-2025-8264
was published
for
z-push/z-push-dev
(Composer)
Jul 29, 2025
Netavark Has Possible DNS Resolve Confusion
Low
CVE-2025-8283
was published
for
netavark
(Rust)
Jul 28, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Moderate
CVE-2025-54423
was published
for
copyparty
(pip)
Jul 28, 2025
webfinger.js Blind SSRF Vulnerability
Moderate
GHSA-8xq3-w9fx-74rv
was published
for
webfinger.js
(npm)
Jul 28, 2025
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
High
CVE-2025-8267
was published
for
ssrfcheck
(npm)
Jul 28, 2025
Duplicate Advisory: buffered-reader vulnerable to out-of-bounds array access leading to panic
Low
GHSA-q5h2-xq96-6gmc
was published
for
buffered-reader
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Low
GHSA-rfx3-ffrp-6875
was published
for
sequoia-openpgp
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Moderate
GHSA-g693-v3jr-8hcr
was published
for
ed25519-dalek
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read
Moderate
GHSA-gw89-822v-8v8g
was published
for
openssl
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: gix-transport code execution vulnerability
Moderate
GHSA-5c5j-jmhx-q2gr
was published
for
gix-transport
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: Remotely exploitable denial of service in Rosenpass
Moderate
GHSA-624c-2h52-gf7f
was published
for
rosenpass
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: Multiple issues involving quote API in shlex
Low
GHSA-286m-6pg9-v42v
was published
for
shlex
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: Unauthenticated Nonce Increment in snow
Low
GHSA-97f8-h76h-f297
was published
for
snow
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: transpose: Buffer overflow due to integer overflow
Moderate
GHSA-p444-p2rm-hvrw
was published
for
transpose
(Rust)
Jul 27, 2025
•
withdrawn
Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing
Low
GHSA-j87p-gjr6-m4pv
was published
for
serde-json-wasm
(Rust)
Jul 27, 2025
•
withdrawn
Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp
Low
GHSA-g97w-mw7g-v3jv
was published
for
sequoia-openpgp
(Rust)
Jul 27, 2025
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API