Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,781
Erlang
36
GitHub Actions
29
Go
2,345
Maven
5,000+
npm
3,976
NuGet
719
pip
3,772
Pub
12
RubyGems
923
Rust
980
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,944 advisories

Loading
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
letmein connection limiter allows an arbitrary amount of simultaneous connections Moderate
CVE-2025-52570 was published for letmeind (Rust) Jun 23, 2025
Claude Code Improper Authorization via websocket connections from arbitrary origins High
GHSA-9f65-56v6-gxw7 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025
ChangeDetection.io XSS in watch overview High
CVE-2025-52558 was published for changedetection.io (pip) Jun 23, 2025
dgtlmoon
Quarkus potentially leaks data when duplicating a duplicated context Moderate
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi
kubernetes allows nodes to bypass dynamic resource allocation authorization checks Low
CVE-2025-4563 was published for k8s.io/kubernetes (Go) Jun 23, 2025
MLFlow SSRF via gateway_proxy_handler Moderate
CVE-2025-52967 was published for mlflow (pip) Jun 23, 2025
spytrap-adb Omission of Security-relevant Information Low
CVE-2025-52926 was published for spytrap-adb (Rust) Jun 23, 2025
rfc3161-client has insufficient verification for timestamp response signatures Critical
GHSA-6qhv-4h7r-2g9m was published for rfc3161-client (pip) Jun 20, 2025
jku woodruffw
zkVM Underconstrained Vulnerability Low
CVE-2025-52484 was published for risc0-circuit-rv32im (Rust) Jun 20, 2025
Pingora has a Request Smuggling Vulnerability High
CVE-2025-4366 was published for pingora-core (Rust) Jun 20, 2025
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya
Mattermost allows an unauthorized Guest user access to Playbook Moderate
CVE-2025-3228 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Mattermost allows unauthorized channel member management through playbook runs Moderate
CVE-2025-3227 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input High
CVE-2025-52488 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
infosec-au
DNN.PLATFORM possibly allows bypass of IP Filters High
CVE-2025-52487 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
valadas bdukes
mitchelsellers
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed Moderate
CVE-2025-52485 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects Moderate
CVE-2025-52486 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+ High
GHSA-7cjh-xx4r-qh3f was published for io.sentry:sentry-android (Maven) Jun 20, 2025
Mattermost allows authenticated users to write files to arbitrary locations Critical
CVE-2025-4981 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
Crafter Studio Groovy Sandbox Bypass High
CVE-2025-6384 was published for org.craftercms:crafter-studio (Maven) Jun 19, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion Low
CVE-2025-48059 was published for com.powsybl:powsybl-contingency-api (Maven) Jun 19, 2025
arthurscchan AdamKorcz
rolnico olperr1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database