GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,757
Erlang: 35
GitHub Actions: 29
Go: 2,327
Maven: 5,000+
npm: 3,960
NuGet: 712
pip: 3,741
Pub: 12
RubyGems: 921
Rust: 973
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
281,273 advisories
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling
Critical
GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) Jun 9, 2025
A vulnerability has been identified in the libarchive library, specifically within the...
Low
Unreviewed
CVE-2025-5914 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw can be triggered when...
Low
Unreviewed
CVE-2025-5918 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one'...
Low
Unreviewed
CVE-2025-5917 was published Jun 9, 2025
taro-css-to-react-native Regular Expression Denial of Service vulnerability
Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as...
Low
Unreviewed
CVE-2025-5889 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap...
Low
Unreviewed
CVE-2025-5915 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw involves an integer...
Low
Unreviewed
CVE-2025-5916 was published Jun 9, 2025
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1....
Moderate
Unreviewed
CVE-2025-5892 was published Jun 9, 2025
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This...
Moderate
Unreviewed
CVE-2025-5891 was published Jun 9, 2025
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects...
Moderate
Unreviewed
CVE-2025-5895 was published Jun 9, 2025
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects...
Moderate
Unreviewed
CVE-2025-5890 was published Jun 9, 2025
HaxCMS-PHP Command Injection Vulnerability
High
CVE-2025-49141 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)
High
CVE-2025-49140 was published for github.com/pion/interceptor (Go) Jun 9, 2025
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Moderate
CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs
Moderate
CVE-2024-47081 was published for requests (pip) Jun 9, 2025
A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic....
Moderate
Unreviewed
CVE-2025-5887 was published Jun 9, 2025
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users...
Critical
Unreviewed
CVE-2025-49652 was published Jun 9, 2025
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions;...
High
Unreviewed
CVE-2025-49651 was published Jun 9, 2025
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve...
High
Unreviewed
CVE-2025-49653 was published Jun 9, 2025
A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic....
Moderate
Unreviewed
CVE-2025-5888 was published Jun 9, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High
Unreviewed
CVE-2025-49280 was published Jun 9, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High
Unreviewed
CVE-2025-49279 was published Jun 9, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High
Unreviewed
CVE-2025-49276 was published Jun 9, 2025
ProTip! Advisories are also available from the GraphQL API