GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,443 advisories
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks
Low • CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) • Jun 26, 2025
RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment
Low • CVE-2025-52884 was published for risc0-ethereum-contracts (Rust) • Jun 25, 2025
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
Low • CVE-2025-6518 was published for pyspur (pip) • Jun 23, 2025
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low • CVE-2023-40030 was published for cargo (Rust) • Aug 24, 2023
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Low • CVE-2022-23466 was published for teler.app (Go) • Dec 6, 2022
kubernetes allows nodes to bypass dynamic resource allocation authorization checks
Low • CVE-2025-4563 was published for k8s.io/kubernetes (Go) • Jun 23, 2025
spytrap-adb Omission of Security-relevant Information
Low • CVE-2025-52926 was published for spytrap-adb (Rust) • Jun 23, 2025
zkVM Underconstrained Vulnerability
Low • CVE-2025-52484 was published for risc0-circuit-rv32im (Rust) • Jun 20, 2025
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
Low • CVE-2025-48059 was published for com.powsybl:powsybl-contingency-api (Maven) • Jun 19, 2025
Ackites KillWxapkg vulnerable to OS Command Injection
Low • CVE-2025-5030 was published for github.com/Ackites/KillWxapkg (Go) • May 21, 2025
Alkacon OpenCMS XSS via New User module
Low • CVE-2019-11818 was published for org.opencms:opencms-core (Maven) • May 24, 2022
Alkacon OpenCMS XSS via title and requestedResource parameters
Low • CVE-2013-4600 was published for org.opencms:opencms-core (Maven) • May 17, 2022
Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
Low • CVE-2015-2351 was published for org.opencms:opencms-core (Maven) • May 14, 2022
Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp
Low • CVE-2008-1753 was published for org.opencms:opencms-core (Maven) • May 1, 2022
Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter
Low • CVE-2008-1510 was published for org.opencms:opencms-core (Maven) • May 1, 2022
Alkacon Open CMS XSS via Logfile Viewer Settings function
Low • CVE-2008-1300 was published for org.opencms:opencms-core (Maven) • May 1, 2022
Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp
Low • CVE-2008-1045 was published for org.opencms:opencms-core (Maven) • May 1, 2022
Alkacon OpenCms XSS via query parameter in a search action
Low • CVE-2006-2571 was published for org.opencms:opencms-core (Maven) • May 1, 2022
Alkacon OpenCms XSS via unsanitized message body
Low • CVE-2006-3933 was published for org.opencms:opencms-core (Maven) • May 1, 2022
Alkacon OpenCms XSS via username during login
Low • CVE-2005-4294 was published for org.opencms:opencms-core (Maven) • May 1, 2022
PowSyBl Core XML Reader allows XXE and SSRF
Low • CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) • Jun 19, 2025
Withdrawn Advisory: microlight.js has a null pointer dereference vulnerability
Low • CVE-2025-45525 was published for microlight (npm) • Jun 17, 2025 • withdrawn
Apache SeaTunnel: Unauthenticated insecure access
Low • CVE-2025-32896 was published for org.apache.seatunnel:seatunnel-engine-common (Maven) • Jun 19, 2025
Grafana long dashboard title or panel name causes unresponsives
Low • CVE-2025-1088 was published for github.com/grafana/grafana (Go) • Jun 18, 2025
Withdrawn Advisory: microlight allows a denial of service
Low • CVE-2025-45526 was published for microlight (npm) • Jun 17, 2025 • withdrawn