Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,989
NuGet
720
pip
3,781
Pub
12
RubyGems
926
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

8,106 advisories

Loading
react-native-keys insecurely stores encryption cipher and Base64 chunks High
CVE-2025-45001 was published for react-native-keys (npm) Jun 9, 2025
ThomasWunderlich
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix High
CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling High
CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
Graylog vulnerable to privilege escalation through API tokens High
CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
thll
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability High
CVE-2020-24950 was published for codeigniter/framework (Composer) Aug 11, 2023 withdrawn
Databricks JDBC Driver Command Injection vulnerability High
CVE-2024-49194 was published for com.databricks:databricks-jdbc (Maven) Dec 17, 2024
Pillow vulnerability can cause write buffer overflow on BCn encoding High
CVE-2025-48379 was published for pillow (pip) Jul 1, 2025
Insecure Default Initialization of Resource vulnerability in Apache Solr High
CVE-2024-45217 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Podman Improper Certificate Validation; machine missing TLS verification High
CVE-2025-6032 was published for github.com/containers/podman/v4 (Go) Jun 25, 2025
Luap99
@cyanheads/git-mcp-server vulnerable to command injection in several tools High
CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
dellalibera cyanheads
Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton High
CVE-2019-0223 was published for org.apache.qpid:proton-j (Maven) May 24, 2022 withdrawn
nhakmiller
tiny-secp256k1 allows for verify() bypass when running in bundled environment High
CVE-2024-49365 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR jprichardson
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment High
CVE-2024-49364 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
electron ASAR Integrity bypass by just modifying the content High
CVE-2024-46992 was published for electron (npm) Jun 30, 2025
Just-Hack-For-Fun
Eval Injection in fastbots High
CVE-2023-48699 was published for fastbots (pip) Nov 21, 2023
ubertidavide
File Browser vulnerable to command execution allowlist bypass High
CVE-2025-52995 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers High
CVE-2025-48976 was published for org.apache.commons:commons-fileupload2-core (Maven) Jun 16, 2025
ryanmurf
SSRF Vulnerability on assetlinks_check(act_name, well_knowns) High
CVE-2024-29190 was published for mobsfscan (pip) Mar 22, 2024
bulutenes aydinnyunus
Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server High
CVE-2024-51504 was published for org.apache.zookeeper:zookeeper (Maven) Nov 7, 2024
ferdlestier
Babylon vulnerable to chain half when transaction has fees different than `ubbn` High
GHSA-56j4-446m-qrf6 was published for github.com/babylonlabs-io/babylon/v2 (Go) Jun 30, 2025
File Browser: Command Execution not Limited to Scope High
CVE-2025-52904 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout High
CVE-2025-1634 was published for io.quarkus:quarkus-resteasy (Maven) Feb 26, 2025
r3kumar
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database