Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,219 advisories

Loading
Directus has a DOM-Based cross-site scripting (XSS) via layout_options Low
GHSA-9qrm-48qf-r2rw was published for directus (npm) Jan 23, 2025
Reflected Cross Site Scripting (XSS) in error message Low
GHSA-74j9-xhqr-6qv3 was published for silverstripe/framework (Composer) Jan 23, 2025
@sveltejs/kit vulnerable to XSS on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann eltigerchino
RDIL
Umbraco CMS Cross-site Scripting vulnerability Low
CVE-2024-10761 was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
Apache Airflow does not return the "Cache-Control" header for dynamic content Low
CVE-2024-25142 was published for apache-airflow (pip) Jun 14, 2024
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring Low
CVE-2024-47168 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher
Vyper Does Not Check the Success of Certain Precompile Calls Low
CVE-2025-21607 was published for vyper (pip) Jan 14, 2025
ritzdorf vasinicola
trocher
1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider Low
CVE-2025-23206 was published for aws-cdk-lib (npm) Jan 17, 2025
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Low
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph binary-1024
Vyper's `_abi_decode` vulnerable to Memory Overflow Low
CVE-2024-26149 was published for vyper (pip) Feb 26, 2024
minaminao-osec
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-22449 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
stevebeattie
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER Low
CVE-2025-0343 was published for github.com/apple/swift-asn1 (Swift) Jan 14, 2025
baarde
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message Low
GHSA-mqf3-qpc3-g26q was published for silverstripe/framework (Composer) Jan 14, 2025
Lodestar snappy checksum issue Low
GHSA-m9c9-mc2h-9wjw was published for @lodestar/reqresp (npm) Jan 14, 2025
gln7
Lodestar snappy decompression issue Low
GHSA-53rv-hcvm-rpp9 was published for @lodestar/reqresp (npm) Jan 14, 2025
gln7
TYPO3 Information Disclosure via Exception Handling/Logger Low
CVE-2024-55891 was published for typo3/cms-install (Composer) Jan 14, 2025
ohader
notation-go has an OS error when setting CRL cache leads to denial of signature verification Low
CVE-2024-51491 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Faeris95 JeyJeyGao
shizhMSFT
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package Low
GHSA-mgr7-5782-6jh9 was published for Umbraco.Headless.Client.Net (NuGet) Jan 13, 2025
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database