Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,835
Erlang
36
GitHub Actions
33
Go
2,452
Maven
5,000+
npm
4,077
NuGet
723
pip
3,868
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,388 advisories

Loading
Directus allows unauthenticated file upload and file modification due to lacking input sanitization Critical
CVE-2025-55746 was published for @directus/api (npm) Aug 20, 2025
r4bbit-r4
screenshot-desktop vulnerable to command Injection via `format` option Critical
CVE-2025-55294 was published for screenshot-desktop (npm) Aug 19, 2025
RichardoC bencevans
HydrAIDE Authentication Bypass Vulnerability Critical
GHSA-qp7j-x725-g67f was published for github.com/hydraide/hydraide (Go) Aug 19, 2025
yyewolf
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label Critical
CVE-2025-55205 was published for github.com/projectcapsule/capsule (Go) Aug 18, 2025
b0b0haha
Flowise OS command remote code execution Critical
CVE-2025-8943 was published for flowise (npm) Aug 14, 2025
Flowise JS injection remote code execution Critical
CVE-2025-55346 was published for flowise (npm) Aug 14, 2025
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials Critical
GHSA-x6gv-2rvh-qmp6 was published for BoldestDungeon/steam-workshop-deploy (GitHub Actions) Aug 13, 2025
Gamebuster19901
Privileged OpenBao Operator May Execute Code on the Underlying Host Critical
CVE-2025-54997 was published for github.com/openbao/openbao (Go) Aug 8, 2025
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30405 was published for executorch (pip) Aug 8, 2025
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30404 was published for executorch (pip) Aug 8, 2025
ExecuTorch heap buffer overflow vulnerability Critical
CVE-2025-54949 was published for executorch (pip) Aug 8, 2025
ExecuTorch vulnerable to Heap-based Buffer Overflow Critical
CVE-2025-54951 was published for executorch (pip) Aug 8, 2025
ExecuTorch out-of-bounds access vulnerability Critical
CVE-2025-54950 was published for executorch (pip) Aug 8, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
ptrgits sfatzmw
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
mrcnpp dregad
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
num2words subjected to phishing attack, two versions published containing malware Critical
GHSA-jxr6-qrxx-2ph2 was published for num2words (pip) Jul 31, 2025
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion Critical
CVE-2025-54576 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
jennifer-recurity
BentoML SSRF Vulnerability in File Upload Processing Critical
CVE-2025-54381 was published for bentoml (pip) Jul 29, 2025
geckosecurity jjjutla
nkoorty
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability Critical
CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025
vicevirus
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database