GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,782
Erlang
36
GitHub Actions
29
Go
2,347
Maven
5,000+
npm
3,976
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+
8,080 advisories
Filter by severity
Podman Improper Certificate Validation; machine missing TLS verification
High
CVE-2025-6032
was published
for
github.com/containers/podman/v4
(Go)
Jun 25, 2025
NetBird uses a static initialization vector (IV)
High
CVE-2024-41260
was published
for
github.com/netbirdio/netbird
(Go)
Aug 1, 2024
LangChain Community SSRF vulnerability exists in RequestsToolkit component
High
CVE-2025-2828
was published
for
langchain-community
(pip)
Jun 23, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory
High
CVE-2025-52888
was published
for
io.qameta.allure.plugins:junit-xml-plugin
(Maven)
Jun 25, 2025
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
TiDB authentication bypass vulnerability
High
CVE-2022-31011
was published
for
github.com/pingcap/tidb
(Go)
Jun 6, 2022
Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
High
CVE-2017-7670
was published
for
github.com/apache/trafficcontrol
(Go)
May 13, 2022
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
High
CVE-2023-3893
was published
for
github.com/kubernetes-csi/csi-proxy
(Go)
Nov 3, 2023
Argo CD web terminal session doesn't expire
High
CVE-2023-40025
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Aug 23, 2023
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
protobuf susceptible to buffer overflow
High
CVE-2015-5237
was published
for
Google.Protobuf
(Composer)
May 13, 2022
Improper HTML sanitization in ZITADEL
High
CVE-2024-28855
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2024
Claude Code Improper Authorization via websocket connections from arbitrary origins
High
GHSA-9f65-56v6-gxw7
was published
for
@anthropic-ai/claude-code
(npm)
Jun 23, 2025
ChangeDetection.io XSS in watch overview
High
CVE-2025-52558
was published
for
changedetection.io
(pip)
Jun 23, 2025
Fluent Fluentd and Fluent-ui use default password
High
CVE-2020-21514
was published
for
fluentd-ui
(RubyGems)
Apr 4, 2023
Arbitrary file read vulnerability in Jenkins Log Command Plugin
High
CVE-2024-23904
was published
for
org.jenkins-ci.plugins:log-command
(Maven)
Jan 24, 2024
Spring Framework server Web DoS Vulnerability
High
CVE-2024-22233
was published
for
org.springframework:spring-core
(Maven)
Jan 22, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23682
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Inefficient Algorithmic Complexity in com.upokecenter:cbor
High
CVE-2024-23684
was published
for
com.upokecenter:cbor
(Maven)
Jan 19, 2024
Remote Code Execution vulnerability in Apache IoTDB via UDF
High
CVE-2023-46226
was published
for
apache-iotdb
(Maven)
Jan 15, 2024
Withdrawn Advisory: lunary-ai/lunary XSS in SAML metadata endpoint
High
CVE-2024-5478
was published
for
lunary
(npm)
Jun 6, 2024
•
withdrawn
Withdrawn Advisory: Lunary improper access control vulnerability
High
CVE-2024-6087
was published
for
lunary
(npm)
Sep 13, 2024
•
withdrawn
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+
High
GHSA-7cjh-xx4r-qh3f
was published
for
io.sentry:sentry-android
(Maven)
Jun 20, 2025
Pingora has a Request Smuggling Vulnerability
High
CVE-2025-4366
was published
for
pingora-core
(Rust)
Jun 20, 2025
Duplicate Advisory: Pingora Request Smuggling and Cache Poisoning
High
GHSA-3qmp-g57h-rxf2
was published
for
pingora-core
(Rust)
May 22, 2025
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API