GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+
9,254 advisories
Filter by severity
Argo CD does not scrub secret values from patch errors
Moderate
CVE-2025-23216
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Jan 30, 2025
KubeWarden's AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources
Moderate
CVE-2025-24376
was published
for
github.com/kubewarden/kubewarden-controller
(Go)
Jan 30, 2025
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource
Moderate
CVE-2025-24784
was published
for
github.com/kubewarden/kubewarden-controller
(Go)
Jan 30, 2025
Go Ethereum vulnerable to DoS via malicious p2p message
Moderate
CVE-2025-24883
was published
for
github.com/ethereum/go-ethereum
(Go)
Jan 30, 2025
Argo CD GitOps Engine does not scrub secret values from patch errors
Moderate
GHSA-274v-mgcv-cm8j
was published
for
github.com/argoproj/gitops-engine
(Go)
Jan 30, 2025
Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control
Moderate
CVE-2025-23367
was published
for
org.wildfly:wildfly-server
(Maven)
Jan 30, 2025
fast-fault has a segmentation fault due to lack of bound check
Moderate
GHSA-8655-xgh5-5vvq
was published
for
fast-float
(Rust)
Jan 29, 2025
fast-float2 has a segmentation fault due to lack of bound check
Moderate
GHSA-jqcp-xc3v-f446
was published
for
fast-float2
(Rust)
Jan 29, 2025
Snowflake.Data has weak temporary files permissions
Moderate
CVE-2025-24788
was published
for
Snowflake.Data
(NuGet)
Jan 29, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache
Moderate
CVE-2025-24794
was published
for
snowflake-connector-python
(pip)
Jan 29, 2025
snowflake-connector-python vulnerable to insecure cache files permissions
Moderate
CVE-2025-24795
was published
for
snowflake-connector-python
(pip)
Jan 29, 2025
kube-audit-rest's example logging configuration could disclose secret values in the audit log
Moderate
CVE-2025-24884
was published
for
github.com/RichardoC/kube-audit-rest
(Go)
Jan 29, 2025
github.com/hashicorp/yamux's DefaultConfig has dangerous defaults causing hung Read
Moderate
GHSA-29qp-crvh-w22m
was published
for
github.com/hashicorp/yamux
(Go)
Jan 29, 2025
snowflake-sdk may incorrectly validate temporary credential cache file permissions
Moderate
CVE-2025-24791
was published
for
snowflake-sdk
(npm)
Jan 29, 2025
Snowflake JDBC uses insecure temporary credential cache file permissions
Moderate
CVE-2025-24790
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Jan 29, 2025
Twig security issue where escaping was missing when using null coalesce operator
Moderate
CVE-2025-24374
was published
for
twig/twig
(Composer)
Jan 29, 2025
RuoYi vulnerable to Denial of Service by attackers with admin privileges
Moderate
CVE-2024-57439
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
RuoYi has insecure permissions
Moderate
CVE-2024-57438
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
Apache Hive Incorrectly Assigns Permissions for a Critical Resource
Moderate
CVE-2024-29869
was published
for
org.apache.hive:hive-exec
(Maven)
Jan 29, 2025
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Moderate
CVE-2025-24856
was published
for
causal/oidc
(Composer)
Jan 28, 2025
pimcore/customer-data-framework vulnerable to SQL Injection
Moderate
CVE-2024-11956
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Jan 28, 2025
Insecure Temporary File usage in github.com/golang/glog
Moderate
CVE-2024-45339
was published
for
github.com/golang/glog
(Go)
Jan 28, 2025
Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate
Moderate
GHSA-8m8m-98c9-vw7q
was published
for
pimcore/customer-data-framework
(Composer)
Jan 28, 2025
•
withdrawn
CRI-O Path Traversal vulnerability
Moderate
CVE-2025-0750
was published
for
github.com/cri-o/cri-o
(Go)
Jan 28, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate
CVE-2024-23953
was published
for
org.apache.hive:hive-llap-common
(Maven)
Jan 28, 2025
ProTip!
Advisories are also available from the
GraphQL API