GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,120 advisories
Filter by severity
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser
High
CVE-2025-3225
was published
for
llama-index-readers-papers
(pip)
Jul 7, 2025
Transformers vulnerable to ReDoS attack through its SETTING_RE variable
Moderate
CVE-2025-3262
was published
for
transformers
(pip)
Jul 7, 2025
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking
Moderate
CVE-2025-3263
was published
for
transformers
(pip)
Jul 7, 2025
Transformers vulnerable to ReDoS attack through its get_imports() function
Moderate
CVE-2025-3264
was published
for
transformers
(pip)
Jul 7, 2025
Transformers's Improper Input Validation vulnerability can be exploited through username injection
Low
CVE-2025-3777
was published
for
transformers
(pip)
Jul 7, 2025
LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
Moderate
CVE-2025-3108
was published
for
llama-index-core
(pip)
Jul 7, 2025
Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header
Moderate
CVE-2025-53604
was published
for
web-push
(Rust)
Jul 5, 2025
rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS
Moderate
CVE-2025-53605
was published
for
protobuf
(Rust)
Jul 5, 2025
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
High
CVE-2025-53366
was published
for
mcp
(pip)
Jul 4, 2025
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
High
CVE-2025-53365
was published
for
mcp
(pip)
Jul 4, 2025
Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Moderate
CVE-2025-53602
was published
for
io.zipkin:zipkin-server
(Maven)
Jul 4, 2025
Cockpit - Content Platform vulnerable to XSS through name or email argument names
Moderate
CVE-2025-7053
was published
for
cockpit-hq/cockpit
(Composer)
Jul 4, 2025
Citizen Short Description stored XSS vulnerability through wikitext
High
CVE-2025-53369
was published
for
starcitizentools/short-description
(Composer)
Jul 3, 2025
Bolt CMS vulnerable to authenticated remote code execution
High
CVE-2025-34086
was published
for
bolt/bolt
(Composer)
Jul 3, 2025
Citizen vulnerable to Stored XSS through short descriptions
High
CVE-2025-53370
was published
for
starcitizentools/citizen-skin
(Composer)
Jul 3, 2025
Next.JS vulnerability can lead to DoS via cache poisoning
High
CVE-2025-49826
was published
for
next
(npm)
Jul 3, 2025
Next.js has a Cache poisoning vulnerability due to omission of the Vary header
Low
CVE-2025-49005
was published
for
next
(npm)
Jul 3, 2025
starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions
High
CVE-2025-53368
was published
for
starcitizentools/citizen-skin
(Composer)
Jul 3, 2025
n8n is vulnerable to Improper Authorization through its `/stop` endpoint
Moderate
CVE-2025-52554
was published
for
n8n
(npm)
Jul 3, 2025
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
Moderate
CVE-2025-48939
was published
for
tarteaucitronjs
(npm)
Jul 3, 2025
eKuiper /config/uploads API arbitrary file writing may lead to RCE
High
GHSA-gj54-gwj9-x2c6
was published
for
github.com/lf-edge/ekuiper
(Go)
Jul 3, 2025
LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement
High
GHSA-fv2p-qj5p-wqq4
was published
for
github.com/lf-edge/ekuiper
(Go)
Jul 3, 2025
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
Moderate
CVE-2025-49595
was published
for
n8n
(npm)
Jul 3, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders
Moderate
CVE-2025-34075
was published
for
vagrant
(RubyGems)
Jul 2, 2025
Microweber CMS API has authenticated local file inclusion vulnerability
Moderate
CVE-2025-34076
was published
for
microweber/microweber
(Composer)
Jul 2, 2025
ProTip!
Advisories are also available from the
GraphQL API