GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
23,319 advisories
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
Moderate
CVE-2021-21411
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Jul 30, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
Moderate
GHSA-rxmq-m78w-7wmc
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 30, 2025
Ruby SAML DOS vulnerability with large SAML response
Moderate
CVE-2025-54572
was published
for
ruby-saml
(RubyGems)
Jul 30, 2025
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
Koa Open Redirect via Referrer Header (User-Controlled)
Low
CVE-2025-8129
was published
for
koa
(npm)
Jul 29, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Moderate
CVE-2025-54423
was published
for
copyparty
(pip)
Jul 28, 2025
webfinger.js Blind SSRF Vulnerability
Moderate
GHSA-8xq3-w9fx-74rv
was published
for
webfinger.js
(npm)
Jul 28, 2025
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
ProTip!
Advisories are also available from the
GraphQL API