Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,543
Erlang
33
GitHub Actions
25
Go
2,219
Maven
5,000+
npm
3,889
NuGet
700
pip
3,657
Pub
12
RubyGems
913
Rust
937
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,102 advisories

Loading
Drupal Open Social Missing Authorization vulnerability Low
CVE-2025-31685 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal OAuth2 Client Cross-Site Request Forgery (CSRF) Low
CVE-2025-31684 was published for drupal/oauth2_client (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability Low
CVE-2025-31686 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Configuration Split Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31688 was published for drupal/config_split (Composer) Apr 1, 2025
Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31687 was published for drupal/spamspan (Composer) Apr 1, 2025
Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31689 was published for drupal/gdpr (Composer) Apr 1, 2025
Drupal Cache Utility Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31690 was published for drupal/cache_utility (Composer) Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection Moderate
CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025
Drupal Core Vulnerable to Forceful Browsing Moderate
CVE-2025-31673 was published for drupal/core (Composer) Apr 1, 2025
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability Moderate
CVE-2025-31674 was published for drupal/core (Composer) Apr 1, 2025
Drupal Core Cross-Site Scripting (XSS) Vulnerability Low
CVE-2025-31675 was published for drupal/core (Composer) Apr 1, 2025
Drupal AI Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31677 was published for drupal/ai (Composer) Apr 1, 2025
Drupal AI Missing Authorization vulnerability Low
CVE-2025-31678 was published for drupal/ai (Composer) Apr 1, 2025
aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct Moderate
GHSA-qq4x-c6h6-rfxh was published for aws-cdk-lib (npm) Mar 31, 2025
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
gifplayer XSS vulnerability Moderate
CVE-2025-31128 was published for gifplayer (npm) Mar 31, 2025
Rudloff
Netty QUIC hash collision DoS attack Moderate
CVE-2025-29908 was published for io.netty.incubator:netty-incubator-codec-quic (Maven) Mar 31, 2025
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query Moderate
CVE-2025-31125 was published for vite (npm) Mar 31, 2025
Iuhsssss
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding Moderate
CVE-2025-31116 was published for mobsf (pip) Mar 31, 2025
Sim4n6
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
GHSA-hx7h-9vf7-5xhg was published for uptime-kuma (npm) Mar 31, 2025
ShiyuBanzhou
ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field Moderate
CVE-2025-2967 was published for concrete5/concrete5 (Composer) Mar 31, 2025
Solon Vulnerable to Path Traversal Moderate
CVE-2025-2961 was published for org.noear:solon-view (Maven) Mar 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database