Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,828
Erlang
36
GitHub Actions
33
Go
2,446
Maven
5,000+
npm
4,063
NuGet
723
pip
3,866
Pub
12
RubyGems
943
Rust
1,009
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,496 advisories

Loading
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30405 was published for executorch (pip) Aug 8, 2025
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30404 was published for executorch (pip) Aug 8, 2025
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd Moderate
CVE-2025-7195 was published for github.com/operator-framework/operator-sdk (Go) Aug 7, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni
quiche connection ID retirement can trigger an infinite loop High
CVE-2025-7054 was published for quiche (Rust) Aug 7, 2025
catenacyber
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw thatch calebbrown
Ollama allows deletion of arbitrary files Moderate
CVE-2025-44779 was published for github.com/ollama/ollama (Go) Aug 7, 2025
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
Astros's duplicate trailing slash feature leads to an open redirection security issue Moderate
CVE-2025-54793 was published for astro (npm) Aug 7, 2025
ghiyastfarisi ascorbic
ematipico
Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors Low
GHSA-vh9x-phq6-fx54 was published for github.com/rs/cors (Go) Aug 6, 2025 withdrawn
Keycloak-services SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025
The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended Moderate
CVE-2025-54885 was published for thinbus-srp (npm) Aug 6, 2025
SvenSchindler
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
songgao chrisnojima
AMarcedone
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera
HashiCorp Vault ldap auth method may not have correctly enforced MFA Moderate
CVE-2025-6013 was published for github.com/hashicorp/vault (Go) Aug 6, 2025
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2025-5197 was published for transformers (pip) Aug 6, 2025
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-522r-9946-fw43 was published for github.com/cloudflare/circl (Go) Aug 6, 2025 withdrawn
Shopware race condition bypasses voucher restrictions Moderate
CVE-2025-7954 was published for shopware/platform (Composer) Aug 6, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
RISC Zero Underconstrained Vulnerability: Division Low
CVE-2025-54873 was published for risc0-circuit-rv32im (Rust) Aug 5, 2025
VeridiseAudits
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki allows Reflected XSS in two templates Moderate
CVE-2025-32430 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 5, 2025
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database