GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,400
Maven
5,000+
npm
4,040
NuGet
723
pip
3,830
Pub
12
RubyGems
933
Rust
1,002
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,319 advisories
Filter by severity
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
Moderate
CVE-2021-21411
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Jul 30, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
Moderate
GHSA-rxmq-m78w-7wmc
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 30, 2025
Ruby SAML DOS vulnerability with large SAML response
Moderate
CVE-2025-54572
was published
for
ruby-saml
(RubyGems)
Jul 30, 2025
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
Moderate
CVE-2025-7784
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 30, 2025
Keycloak phishing attack via email verification step in first login flow
Moderate
CVE-2025-7365
was published
for
org.keycloak:keycloak-services
(Maven)
Jul 30, 2025
Bacula-web SQL Injection Vulnerability
High
CVE-2025-45346
was published
for
bacula-web/bacula-web
(Composer)
Jul 29, 2025
Bugsink path traversal via event_id in ingestion
High
CVE-2025-54433
was published
for
bugsink
(pip)
Jul 29, 2025
Moby firewalld reload removes bridge network isolation
Low
CVE-2025-54410
was published
for
github.com/docker/docker
(Go)
Jul 29, 2025
Moby firewalld reload makes published container ports accessible from remote hosts
Moderate
CVE-2025-54388
was published
for
github.com/docker/docker
(Go)
Jul 29, 2025
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
Koa Open Redirect via Referrer Header (User-Controlled)
Low
CVE-2025-8129
was published
for
koa
(npm)
Jul 29, 2025
Umbraco Delivery API allows for cached requests to be returned with an invalid API key
Moderate
CVE-2025-54425
was published
for
Umbraco.Cms.Api.Delivery
(NuGet)
Jul 29, 2025
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs
Moderate
CVE-2025-50738
was published
for
github.com/usememos/memos
(Go)
Jul 29, 2025
z-push/z-push-dev SQL Injection Vulnerability
High
CVE-2025-8264
was published
for
z-push/z-push-dev
(Composer)
Jul 29, 2025
Netavark Has Possible DNS Resolve Confusion
Low
CVE-2025-8283
was published
for
netavark
(Rust)
Jul 28, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Moderate
CVE-2025-54423
was published
for
copyparty
(pip)
Jul 28, 2025
webfinger.js Blind SSRF Vulnerability
Moderate
GHSA-8xq3-w9fx-74rv
was published
for
webfinger.js
(npm)
Jul 28, 2025
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
High
CVE-2025-8267
was published
for
ssrfcheck
(npm)
Jul 28, 2025
Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Low
GHSA-rfx3-ffrp-6875
was published
for
sequoia-openpgp
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: buffered-reader vulnerable to out-of-bounds array access leading to panic
Low
GHSA-q5h2-xq96-6gmc
was published
for
buffered-reader
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Moderate
GHSA-g693-v3jr-8hcr
was published
for
ed25519-dalek
(Rust)
Jul 28, 2025
•
withdrawn
Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read
Moderate
GHSA-gw89-822v-8v8g
was published
for
openssl
(Rust)
Jul 28, 2025
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API