Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,250 advisories

Loading
@rpldy/uploader prototype pollution High
CVE-2024-57082 was published for @rpldy/uploader (npm) Feb 6, 2025
vxe-table prototype pollution High
CVE-2024-57080 was published for vxe-table (npm) Feb 6, 2025
@zag-js/core prototype pollution High
CVE-2024-57079 was published for @zag-js/core (npm) Feb 6, 2025
utils-extend Prototype Pollution Critical
CVE-2024-57077 was published for utils-extend (npm) Feb 6, 2025
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
module-from-string prototype pollution High
CVE-2024-57072 was published for module-from-string (npm) Feb 6, 2025
@tanstack/form-core prototype pollution High
CVE-2024-57068 was published for @tanstack/form-core (npm) Feb 6, 2025
@ndhoule/defaults prototype pollution High
CVE-2024-57066 was published for @ndhoule/defaults (npm) Feb 6, 2025
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors Critical
CVE-2023-29507 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 12, 2023
tmortagne
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
GHSA-rm76-4mrf-v9r8 was published for vllm (pip) Feb 6, 2025
kexinoh
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion High
CVE-2025-24787 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee modelorona
hkdeman
WhoDB has a path traversal opening Sqlite3 database Critical
CVE-2025-24786 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee modelorona
hkdeman
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc Critical
CVE-2025-24981 was published for @nuxtjs/mdc (npm) Feb 6, 2025
lirantal
Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
gronke mhils
RuoYi has insecure permissions Moderate
CVE-2024-57438 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
pgAdmin has Incorrect Default Permissions High
CVE-2023-1907 was published for pgadmin4 (pip) Jan 9, 2025
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure Moderate
CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10 RisingZero
Sylius allows unrestricted brute-force attacks on user accounts Moderate
CVE-2024-57610 was published for sylius/sylius (Composer) Feb 6, 2025
Apache James vulnerable to denial of service through JMAP HTML to text conversion Moderate
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Netplex Json-smart Uncontrolled Recursion vulnerability High
CVE-2024-57699 was published for net.minidev:json-smart (Maven) Feb 6, 2025
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override High
CVE-2024-26130 was published for cryptography (pip) Feb 21, 2024
Alexander-Programming cd-work
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database