GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,632
Erlang: 34
GitHub Actions: 25
Go: 2,235
Maven: 5,000+
npm: 3,897
NuGet: 701
pip: 3,664
Pub: 12
RubyGems: 914
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
11,799 advisories
Drupal OAuth2 Server Missing Authorization vulnerability
Low · CVE-2025-31691 was published for drupal/oauth2_server (Composer) · Apr 1, 2025
Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing
Low · CVE-2025-31694 was published for drupal/tfa (Composer) · Apr 1, 2025
Drupal Link field display mode formatter Cross-Site Scripting (XSS) vulnerability
Low · CVE-2025-31695 was published for drupal/link_field_display_mode_formatter (Composer) · Apr 1, 2025
Drupal Formatter Suite Vulnerable to Cross-Site Scripting (XSS) via Link Element Attributes
Low · CVE-2025-31697 was published for drupal/formatter_suite (Composer) · Apr 1, 2025
Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability
Low · CVE-2025-31696 was published for drupal/rapidoc_elements_field_formatter (Composer) · Apr 1, 2025
Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability
Low · CVE-2025-31689 was published for drupal/gdpr (Composer) · Apr 1, 2025
Drupal OAuth2 Client Cross-Site Request Forgery (CSRF)
Low · CVE-2025-31684 was published for drupal/oauth2_client (Composer) · Apr 1, 2025
Drupal Configuration Split Cross-Site Request Forgery (CSRF) vulnerability
Low · CVE-2025-31688 was published for drupal/config_split (Composer) · Apr 1, 2025
Drupal Cache Utility Cross-Site Request Forgery (CSRF) vulnerability
Low · CVE-2025-31690 was published for drupal/cache_utility (Composer) · Apr 1, 2025
Drupal Matomo Analytics Cross-Site Request Forgery (CSRF) vulnerability
Low · CVE-2025-31680 was published for drupal/matomo (Composer) · Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability
Low · CVE-2025-31685 was published for goalgorilla/open_social (Composer) · Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability
Low · CVE-2025-31686 was published for goalgorilla/open_social (Composer) · Apr 1, 2025
Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability
Low · CVE-2025-31687 was published for drupal/spamspan (Composer) · Apr 1, 2025
Drupal AI Cross-Site Request Forgery (CSRF) vulnerability
Low · CVE-2025-31677 was published for drupal/ai (Composer) · Apr 1, 2025
Drupal Core Cross-Site Scripting (XSS) Vulnerability
Low · CVE-2025-31675 was published for drupal/core (Composer) · Apr 1, 2025
Drupal AI Missing Authorization vulnerability
Low · CVE-2025-31678 was published for drupal/ai (Composer) · Apr 1, 2025
array-init-cursor is unsound when used with types that implement `Drop`
Low · GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) · Mar 31, 2025
PyTorch susceptible to local Denial of Service
Low · CVE-2025-2953 was published for torch (pip) · Mar 30, 2025
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
Low · Unreviewed · CVE-2024-55895 was published · Mar 29, 2025
tough cyclic delegation graphs are not detected
Low · GHSA-j8x2-777p-23fc was published for tough (Rust) · Mar 28, 2025
A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this...
Low · Unreviewed · CVE-2025-2922 was published · Mar 28, 2025
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This...
Low · Unreviewed · CVE-2025-2920 was published · Mar 28, 2025
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Low · CVE-2024-39311 was published for publify_core (RubyGems) · Mar 28, 2025
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the...
Low · Unreviewed · CVE-2025-2864 was published · Mar 28, 2025
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources...
Low · Unreviewed · CVE-2025-2865 was published · Mar 28, 2025
ProTip! Advisories are also available from the GraphQL API