GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,751
Erlang
35
GitHub Actions
29
Go
2,326
Maven
5,000+
npm
3,956
NuGet
712
pip
3,740
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+
22,770 advisories
Filter by severity
Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-49130
was published
for
barryvdh/laravel-translation-manager
(Composer)
Jun 9, 2025
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Critical
GHSA-jc7g-x28f-3v3h
was published
for
github.com/knadh/listmonk
(Go)
Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2025-25208
was published
for
github.com/kuadrant/authorino
(Go)
Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2025-25207
was published
for
github.com/kuadrant/authorino
(Go)
Jun 9, 2025
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
Moderate
CVE-2025-49128
was published
for
com.fasterxml.jackson.core:jackson-core
(Maven)
Jun 7, 2025
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Low
CVE-2025-49011
was published
for
github.com/authzed/spicedb
(Go)
Jun 6, 2025
CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
High
CVE-2025-47950
was published
for
github.com/coredns/coredns
(Go)
Jun 6, 2025
Para Inserts Sensitive Information into Log File for Facebook authentication
Moderate
CVE-2025-49009
was published
for
com.erudika:para-server
(Maven)
Jun 6, 2025
Duplicate Advisory: users may append `root` to group listings
High
GHSA-jq8x-v7jw-v675
was published
for
users
(Rust)
Jun 6, 2025
•
withdrawn
Jenkins Gatling Plugin Vulnerable to Cross-Site Scripting (XSS)
High
CVE-2025-5806
was published
for
org.jenkins-ci.plugins:gatling
(Maven)
Jun 6, 2025
Apache InLong Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2025-27531
was published
for
org.apache.inlong:inlong-manager
(Maven)
Jun 6, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability
Critical
GHSA-c42h-56wx-h85q
was published
for
auth0/login
(Composer)
Jun 6, 2025
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability
Critical
GHSA-98j6-67v3-mw34
was published
for
auth0/symfony
(Composer)
Jun 6, 2025
Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
Moderate
CVE-2025-48493
was published
for
yiisoft/yii2-redis
(Composer)
Jun 5, 2025
llama_index vulnerable to SQL Injection
Critical
CVE-2025-1793
was published
for
llama-index
(pip)
Jun 5, 2025
ReDoS Vulnerability in Rack::Multipart handle_mime_head
Moderate
CVE-2025-49007
was published
for
rack
(RubyGems)
Jun 5, 2025
Django Improper Output Neutralization for Logs vulnerability
Moderate
CVE-2025-48432
was published
for
Django
(pip)
Jun 5, 2025
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2024-21486
was published
for
deno
(Rust)
Jun 5, 2025
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data
Critical
GHSA-862m-5253-832r
was published
for
auth0/wordpress
(Composer)
Jun 5, 2025
users may append `root` to group listings
High
CVE-2025-5791
was published
for
users
(Rust)
Jun 5, 2025
Multer vulnerable to Denial of Service via unhandled exception
High
CVE-2025-48997
was published
for
multer
(npm)
Jun 5, 2025
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
Moderate
CVE-2025-48996
was published
for
@haxtheweb/open-apis
(npm)
Jun 5, 2025
anon-vec lacks sufficient checks in public API
Low
GHSA-pr59-jjr4-gcf6
was published
for
anon-vec
(Rust)
Jun 5, 2025
SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
Moderate
CVE-2025-48994
was published
for
signxml
(pip)
Jun 5, 2025
ProTip!
Advisories are also available from the
GraphQL API