Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

31,787 advisories

Loading
Denial of Service attack on windows app using Netty Moderate
CVE-2025-25193 was published for io.netty:netty-common (Maven) Feb 10, 2025
chrisvest Credited to chrisvest, navzen2000, henrikplate, JensBoening1337, and jfposton navzen2000 navzen2000
henrikplate henrikplate JensBoening1337 JensBoening1337 jfposton jfposton
grcov has an out of bounds write triggered by crafted coverage data Moderate
GHSA-qm2p-4w45-v2vr was published for grcov (Rust) Feb 10, 2025
Unknown vulnerability in Coinbase Wallet SDK High
GHSA-8rgj-285w-qcq4 was published for @coinbase/wallet-sdk (npm) Feb 10, 2025
esbuild enables any website to send any requests to the development server and read the response Moderate
GHSA-67mh-4wv8-2f99 was published for esbuild (npm) Feb 10, 2025
sapphi-red Credited to sapphi-red
Hickory DNS's DNSSEC validation may accept broken authentication chains Moderate
CVE-2025-25188 was published for hickory-proto (Rust) Feb 10, 2025
divergentdave Credited to divergentdave
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio Credited to manunio and nevans nevans nevans
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine High
CVE-2025-24970 was published for io.netty:netty-handler (Maven) Feb 10, 2025
johnou Credited to johnou
Apache Felix Webconsole: XSS in services console Moderate
CVE-2025-25247 was published for org.apache.felix:org.apache.felix.webconsole (Maven) Feb 10, 2025
SQL injection in JeecgBoot High
CVE-2024-57606 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Feb 8, 2025
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
xml2rfc has file inclusion irregularities Moderate
GHSA-432c-wxpg-m4q3 was published for xml2rfc (pip) Feb 7, 2025
SFTPGo has insufficient sanitization of user provided rsync command High
CVE-2025-24366 was published for github.com/drakkan/sftpgo (Go) Feb 7, 2025
ateamjkr Credited to ateamjkr
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan Credited to Ayman-Rayan
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh Credited to kexinoh and russellb russellb russellb
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion High
CVE-2025-24787 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee Credited to nnsee, modelorona, and hkdeman modelorona modelorona
hkdeman hkdeman
WhoDB has a path traversal opening Sqlite3 database Critical
CVE-2025-24786 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee Credited to nnsee, modelorona, and hkdeman modelorona modelorona
hkdeman hkdeman
Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts Moderate
CVE-2024-57610 was published for sylius/sylius (Composer) Feb 6, 2025 withdrawn
GSadee Credited to GSadee
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc Critical
CVE-2025-24981 was published for @nuxtjs/mdc (npm) Feb 6, 2025
lirantal Credited to lirantal
Multiple rtmpdump vulnerabilities Critical
GHSA-vrpv-vw92-328g was published for rudloff/rtmpdump-bin (Composer) Feb 6, 2025
Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
gronke Credited to gronke and mhils mhils mhils
Apache James vulnerable to denial of service through JMAP HTML to text conversion High
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
node-opcua-alarm-condition prototype pollution vulnerability High
CVE-2024-57086 was published for node-opcua-alarm-condition (npm) Feb 6, 2025
axi92 Credited to axi92
vxe-table prototype pollution High
CVE-2024-57080 was published for vxe-table (npm) Feb 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database