GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,043 advisories

estree-util-value-to-estree allows prototype pollution in generated ESTree Moderate
CVE-2025-32014 was published for estree-util-value-to-estree (npm) Apr 7, 2025
remcohaszing
Apollo Compiler Named Fragment Processing Vulnerability High
CVE-2025-31496 was published for apollo-compiler (Rust) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
GHSA-p2q6-pwh5-m6jr was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
GHSA-q2f9-x4p4-7xmh was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing High
GHSA-3j43-9v8v-cp3f was published for apollo-router (Rust) Apr 7, 2025
yo-artyom
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow High
GHSA-84m6-5m72-45fp was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
GHSA-75m2-jhh5-j5g2 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
GHSA-94hh-jmq8-2fgp was published for apollo-router (Rust) Apr 7, 2025
FlowiseDB vulnerable to SQL Injection by authenticated users Moderate
GHSA-9c4c-g95m-c8cp was published for flowise (npm) Apr 7, 2025
Tribal1012
Picklescan failed to detect some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
GHSA-93mv-x874-956g was published for picklescan (pip) Apr 7, 2025
david3107
js-object-utilities Vulnerable to Prototype Pollution High
GHSA-hpqf-m68j-2pfx was published for js-object-utilities (npm) Apr 7, 2025
tariqhawis
tarteaucitron.js allows url scheme injection via unfiltered inputs Moderate
CVE-2025-31476 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
Jujutsu does not have SHA-1 collision detection Moderate
GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) Apr 7, 2025
emilazy
tarteaucitron.js allows prototype pollution via custom text injection Moderate
CVE-2025-31475 was published for tarteaucitronjs (npm) Apr 7, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection Moderate
CVE-2025-31138 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` Moderate
GHSA-4fcv-w3qc-ppgg was published for openssl (Rust) Apr 4, 2025
gitoxide does not detect SHA-1 collision attacks Moderate
CVE-2025-31130 was published for gitoxide (Rust) Apr 4, 2025
emilazy EliahKagan
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization Critical
CVE-2025-27520 was published for bentoml (pip) Apr 4, 2025
c2an1
MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths Moderate
CVE-2025-31486 was published for vite (npm) Apr 4, 2025
HSwift Iuhsssss
kikayli sw0rd1ight do9gy-msec Onetpaer
GraphQL grant on a property might be cached with different objects High
CVE-2025-31485 was published for api-platform/core (Composer) Apr 4, 2025
ausi alanpoulain
soyuka