Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,467
Erlang
33
GitHub Actions
23
Go
2,172
Maven
5,000+
npm
3,832
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
907
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,681 advisories

Loading
Uptime Kuma ReDoS vulnerability Moderate
CVE-2025-26042 was published for uptime-kuma (npm) Mar 17, 2025
buildx allows a possible credential leakage to telemetry endpoint Moderate
CVE-2025-0495 was published for github.com/docker/buildx (Go) Mar 17, 2025
jstawinski
Sylius PayPal Plugin Payment Amount Manipulation Vulnerability Moderate
CVE-2025-29788 was published for sylius/paypal-plugin (Composer) Mar 17, 2025
migo315
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write High
CVE-2025-29787 was published for zip (Rust) Mar 17, 2025
eternal-flame-AD Pr0methean
Memory Exhaustion in Expr Parser with Unrestricted Input High
CVE-2025-29786 was published for github.com/expr-lang/expr (Go) Mar 17, 2025
thevilledev
Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD Moderate
CVE-2025-29781 was published for github.com/metal3-io/baremetal-operator/apis (Go) Mar 17, 2025
debuggerchen
containerd has an integer overflow in User ID handling Moderate
CVE-2024-40635 was published for github.com/containerd/containerd (Go) Mar 17, 2025
p4ck3t0
Openshift Hive Exposes VCenter Credentials via ClusterProvision High
CVE-2025-2241 was published for github.com/openshift/hive (Go) Mar 17, 2025
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection Low
CVE-2025-1398 was published for mattermost-desktop (npm) Mar 17, 2025
PostQuantum-Feldman-VSS'S Dependency Vulnerability in gmpy2 Leading to Interpreter Crash High
GHSA-v432-7f47-9g94 was published for PostQuantum-Feldman-VSS (pip) Mar 17, 2025
DavidOsipov
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods Low
CVE-2025-27512 was published for zincati (Rust) Mar 17, 2025
jlebon
gurk (aka gurk-rs) mishandles ANSI escape sequences Moderate
CVE-2025-30089 was published for gurk (Rust) Mar 17, 2025
Malayke
onos-lib-go allows an index out-of-range panic Moderate
CVE-2025-30077 was published for github.com/onosproject/onos-lib-go (Go) Mar 16, 2025
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. High
CVE-2025-30066 was published for tj-actions/changed-files (GitHub Actions) Mar 15, 2025
varunsh-coder
Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
CVE-2025-2000 was published for qiskit (pip) Mar 14, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution` Moderate
CVE-2025-29779 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
JS Html Sanitizer allows XSS when used with contentEditable Moderate
CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) Mar 14, 2025
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
In Azle, calling `setTimer` causes infinite loop of timers High
CVE-2025-29776 was published for azle (npm) Mar 14, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
GHSA-3pwp-2fqj-6g2p was published for qiskit (pip) Mar 14, 2025 withdrawn
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment Critical
CVE-2025-2304 was published for camaleon_cms (RubyGems) Mar 14, 2025
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database