GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,032
NuGet
721
pip
3,821
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,258 advisories
Filter by severity
JHipster allows privilege escalation via a modified authorities parameter
High
CVE-2025-43712
was published
for
generator-jhipster
(npm)
Jul 25, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Critical
GHSA-75jv-vfxf-3865
was published
for
assemblyline-service-client
(pip)
Jul 25, 2025
XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API
High
CVE-2025-54385
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jul 25, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
Critical
CVE-2025-32429
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Jul 24, 2025
eKuiper API endpoints handling SQL queries with user-controlled table names.
High
CVE-2025-54379
was published
for
github.com/lf-edge/ekuiper/v2
(Go)
Jul 24, 2025
ImageMagick has XMP profile write that triggers hang due to unbounded loop
High
CVE-2025-53015
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jul 23, 2025
Mezzanine CMS vulnerable to Cross-site Scripting
Moderate
CVE-2025-50481
was published
for
Mezzanine
(pip)
Jul 23, 2025
Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data
High
CVE-2025-54371
was published
for
axios
(npm)
Jul 23, 2025
•
withdrawn
Possible ORM Leak Vulnerability in the Harbor
Moderate
CVE-2025-30086
was published
for
github.com/goharbor/harbor
(Go)
Jul 23, 2025
FastAPI Guard has a regex bypass
High
CVE-2025-54365
was published
for
fastapi-guard
(pip)
Jul 23, 2025
Harbor repository description page has Cross-site Scripting vulnerability
Moderate
CVE-2025-32019
was published
for
github.com/goharbor/harbor
(Go)
Jul 23, 2025
files-bucket-server vulnerable to Directory Traversal
High
CVE-2025-8021
was published
for
files-bucket-server
(npm)
Jul 23, 2025
private-ip vulnerable to Server-Side Request Forgery
High
CVE-2025-8020
was published
for
private-ip
(npm)
Jul 23, 2025
Ollama vulnerable to Cross-Domain Token Exposure
Moderate
CVE-2025-51471
was published
for
github.com/ollama/ollama
(Go)
Jul 22, 2025
Dagster Local File Inclusion vulnerability
Moderate
CVE-2025-51481
was published
for
dagster
(pip)
Jul 22, 2025
Aim vulnerable to Cross-site Scripting
Moderate
CVE-2025-51464
was published
for
aim
(pip)
Jul 22, 2025
Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources
High
CVE-2025-53942
was published
for
goauthentik.io
(Go)
Jul 22, 2025
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service
High
CVE-2025-47281
was published
for
github.com/kyverno/kyverno
(Go)
Jul 22, 2025
Powermail extension for TYPO3 allows Insecure Direct Object Reference
Moderate
CVE-2025-7899
was published
for
in2code/powermail
(Composer)
Jul 22, 2025
Femanager extension for TYPO3 allows Insecure Direct Object Reference
Moderate
CVE-2025-7900
was published
for
in2code/femanager
(Composer)
Jul 22, 2025
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
High
CVE-2025-54140
was published
for
pyload-ng
(pip)
Jul 21, 2025
HAX CMS application pages vulnerable to clickjacking
Moderate
CVE-2025-54139
was published
for
@haxtheweb/haxcms-nodejs
(Composer)
Jul 21, 2025
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
High
CVE-2025-54138
was published
for
librenms/librenms
(Composer)
Jul 21, 2025
ProTip!
Advisories are also available from the
GraphQL API