GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,100 advisories

uptrace pgdriver SQL injection vulnerability Moderate
CVE-2024-44906 was published for github.com/uptrace/bun/driver/pgdriver (Go) Jun 12, 2025
maxfierke
Umbraco CMS disclosure of configured password requirements Moderate
CVE-2025-49147 was published for Umbraco.Cms (NuGet) Jun 24, 2025
wasmvm: Malicious smart contract can slow down block production Moderate
GHSA-mx2j-7cmv-353c was published for cosmwasm-vm (Go) Feb 4, 2025
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Moderate
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph binary-1024
hmolsen
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
LunaBorowska levpachmanov
Denied Host Validation Bypass in Zitadel Actions Moderate
CVE-2024-49753 was published for github.com/zitadel/zitadel (Go) Oct 25, 2024
prdp1137 livio-a
fforootd
Grafana plugin data sources vulnerable to access control bypass Moderate
CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
Arbitrary redirects under /new endpoint Moderate
CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) Feb 15, 2022
dodek
GeSHi XSS possible in the get_var function of /contrib/cssgen.php Moderate
CVE-2025-2123 was published for geshi/geshi (Composer) Mar 9, 2025
letmein connection limiter allows an arbitrary amount of simultaneous connections Moderate
CVE-2025-52570 was published for letmeind (Rust) Jun 23, 2025
MLFlow SSRF via gateway_proxy_handler Moderate
CVE-2025-52967 was published for mlflow (pip) Jun 23, 2025
Quarkus potentially leaks data when duplicating a duplicated context Moderate
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi
Withdrawn Advisory: Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for @lunary/backend (npm) Sep 13, 2024 withdrawn
hughcrt
Withdrawn Advisory: Lunary information disclosure vulnerability Moderate
CVE-2024-6867 was published for lunary (npm) Sep 13, 2024 withdrawn
hughcrt
Mattermost allows an unauthorized Guest user access to Playbook Moderate
CVE-2025-3228 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Mattermost allows unauthorized channel member management through playbook runs Moderate
CVE-2025-3227 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects Moderate
CVE-2025-52486 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed Moderate
CVE-2025-52485 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya
Alkacon OpenCMS XSS via Mercury template Moderate
CVE-2023-6379 was published for org.opencms:opencms-core (Maven) Dec 13, 2023
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter Moderate
CVE-2008-1301 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp Moderate
CVE-2006-3935 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter Moderate
CVE-2006-3934 was published for org.opencms:opencms-core (Maven) May 1, 2022
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025