GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
74 advisories
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Moderate
CVE-2025-61926
was published
for
github.com/ossf/allstar
(Go)
Oct 10, 2025
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
Low
CVE-2025-48059
was published
for
com.powsybl:powsybl-contingency-api
(Maven)
Jun 19, 2025
PowSyBl Core contains Polynomial REDoS’es
Moderate
CVE-2025-48058
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data
High
CVE-2025-47771
was published
for
com.powsybl:powsybl-math
(Maven)
Jun 19, 2025
PowSyBl Core XML Reader allows XXE and SSRF
Low
CVE-2025-47293
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin
High
CVE-2025-32777
was published
for
volcano.sh/volcano
(Go)
Apr 30, 2025
tough cyclic delegation graphs are not detected
Low
GHSA-j8x2-777p-23fc
was published
for
tough
(Rust)
Mar 28, 2025
tough terminating targets role delegations are not respected
Moderate
CVE-2025-2886
was published
for
tough
(Rust)
Mar 28, 2025
tough root metadata version is not checked for sequential versioning
Moderate
CVE-2025-2885
was published
for
tough
(Rust)
Mar 28, 2025
tough timestamp metadata is cached when it fails snapshot rollback check
Moderate
CVE-2025-2888
was published
for
tough
(Rust)
Mar 28, 2025
tough failure to detect delegated target rollback
Moderate
CVE-2025-2887
was published
for
tough
(Rust)
Mar 28, 2025
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
High
CVE-2024-10270
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact
High
CVE-2024-47534
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Oct 1, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
send vulnerable to template injection that can lead to XSS
Low
CVE-2024-43799
was published
for
send
(npm)
Sep 10, 2024
serve-static vulnerable to template injection that can lead to XSS
Low
CVE-2024-43800
was published
for
serve-static
(npm)
Sep 10, 2024
express vulnerable to XSS via response.redirect()
Low
CVE-2024-43796
was published
for
express
(npm)
Sep 10, 2024
body-parser vulnerable to denial of service when url encoding is enabled
High
CVE-2024-45590
was published
for
body-parser
(npm)
Sep 10, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Low
CVE-2024-45395
was published
for
github.com/sigstore/sigstore-go
(Go)
Sep 4, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate
CVE-2024-37904
was published
for
github.com/stacklok/minder
(Go)
Jun 18, 2024
Denial of service of Minder Server from maliciously crafted GitHub attestations
Moderate
CVE-2024-35238
was published
for
github.com/stacklok/minder
(Go)
May 28, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate
CVE-2024-35194
was published
for
github.com/stacklok/minder
(Go)
May 20, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint
Moderate
CVE-2024-35185
was published
for
github.com/stacklok/minder
(Go)
May 16, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
Cosign malicious artifacts can cause machine-wide DoS
Moderate
CVE-2024-29903
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
ProTip!
Advisories are also available from the
GraphQL API