Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,486
Maven
5,000+
npm
4,104
NuGet
735
pip
3,918
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

8,287 advisories

Loading
Coder vulnerable to privilege escalation could lead to a cross workspace compromise High
CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) Sep 5, 2025
johnstcn
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin High
CVE-2025-43772 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 4, 2025
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
Hono's flaw in URL path parsing could cause path confusion High
CVE-2025-58362 was published for hono (npm) Sep 3, 2025
mwlik imenyoo2
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning High
GHSA-ph6w-f82w-28w6 was published for @anthropic-ai/claude-code (npm) Sep 3, 2025
Soft Serve vulnerable to arbitrary file writing through SSH API High
CVE-2025-58355 was published for github.com/charmbracelet/soft-serve (Go) Sep 2, 2025
msanft caarlos0
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool High
CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025
0xRoyR
Command Injection via sonarqube-scan-action GitHub Action High
CVE-2025-58178 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 2, 2025
Torbjorn-Svensson
arenavec has multiple memory corruption vulnerabilities in safe APIs High
GHSA-3632-54q8-m96x was published for arenavec (Rust) Sep 2, 2025
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking High
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Zwuiix-cmd dktapps
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header High
CVE-2025-57808 was published for esphome (pip) Sep 2, 2025
bcat
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text High
CVE-2024-52284 was published for github.com/rancher/fleet (Go) Aug 29, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
Harness Allows Arbitrary File Write in Gitness LFS server High
CVE-2025-58158 was published for github.com/harness/gitness (Go) Aug 29, 2025
TheKavorka
Versity panic induced by AWS chunked data sent to port High
GHSA-v2ch-c8v8-fgr7 was published for github.com/versity/versitygw (Go) Aug 29, 2025
tonyipm
Rancher affected by unauthenticated Denial of Service High
CVE-2024-58259 was published for github.com/rancher/rancher (Go) Aug 29, 2025
HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads High
CVE-2025-6203 was published for github.com/hashicorp/vault (Go) Aug 28, 2025
Contrast leaks workload secrets to logs on INFO level High
GHSA-vxg3-w9rv-rhr2 was published for github.com/edgelesssys/contrast (Go) Aug 28, 2025
katexochen
Volto affected by possible DoS by invoking specific URL by anonymous user High
CVE-2025-58047 was published for @plone/volto (npm) Aug 28, 2025
NodeBB SQL Injection vulnerability High
CVE-2025-50979 was published for nodebb (npm) Aug 27, 2025
simple-admin-core SQL Injection vulnerability High
CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) Aug 27, 2025
devalue prototype pollution vulnerability High
CVE-2025-57820 was published for devalue (npm) Aug 26, 2025
apyatko Rich-Harris
dominikg
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database