Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,792
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables Moderate
CVE-2025-48934 was published for deno (Rust) Jun 4, 2025
frankvd
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint Moderate
CVE-2025-48996 was published for @haxtheweb/open-apis (npm) Jun 5, 2025
23younesm
Bullfrog's DNS over TCP bypasses domain filtering Moderate
CVE-2025-47775 was published for bullfrogsec/bullfrog (GitHub Actions) May 15, 2025
vin01
Liferay Portal and Liferay DXP Reveals Data via Forms Moderate
CVE-2025-2565 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 20, 2025
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure Moderate
CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024
Liferay Portal and Liferay DXP vulnerable to theft of hashed password Moderate
CVE-2024-26270 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Indico Insecure Access Moderate
CVE-2024-50633 was published for indico (pip) Jan 16, 2025
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response Moderate
CVE-2024-39315 was published for github.com/pomerium/pomerium (Go) Jul 5, 2024
Enr1g
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico Moderate
CVE-2020-13597 was published for github.com/projectcalico/calico (Go) Feb 15, 2022
richardfan0606 luhring
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore Moderate
CVE-2024-32028 was published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) Apr 12, 2024
IlyaGrebnov
Remote Memory Exposure in mongoose Moderate
GHSA-r5xw-q988-826m was published for mongoose (npm) Sep 1, 2020
mprpic
Vaadin vulnerable to possible information disclosure in non visible components. Moderate
CVE-2023-25499 was published for com.vaadin:flow-server (Maven) Jun 22, 2023
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
keycloak-core discloses system properties Moderate
CVE-2017-2582 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Answer vulnerable to Insertion of Sensitive Information Into Sent Data Moderate
CVE-2023-1975 was published for github.com/answerdev/answer (Go) Apr 11, 2023
mysql Node.JS Module Vulnerable to Remote Memory Exposure Moderate
GHSA-5f7m-mmpc-qhh4 was published for mysql (npm) May 23, 2019
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
Remote Memory Exposure in floody Moderate
GHSA-3p92-886g-qxpq was published for floody (npm) Jun 4, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database