GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,793
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,095 advisories
Filter by severity
n8n is vulnerable to Improper Authorization through its `/stop` endpoint
Moderate
CVE-2025-52554
was published
for
n8n
(npm)
Jul 3, 2025
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
Moderate
CVE-2025-48939
was published
for
tarteaucitronjs
(npm)
Jul 3, 2025
eKuiper /config/uploads API arbitrary file writing may lead to RCE
High
GHSA-gj54-gwj9-x2c6
was published
for
github.com/lf-edge/ekuiper
(Go)
Jul 3, 2025
LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement
High
GHSA-fv2p-qj5p-wqq4
was published
for
github.com/lf-edge/ekuiper
(Go)
Jul 3, 2025
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
Moderate
CVE-2025-49595
was published
for
n8n
(npm)
Jul 3, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders
Moderate
CVE-2025-34075
was published
for
vagrant
(RubyGems)
Jul 2, 2025
Microweber CMS API has authenticated local file inclusion vulnerability
Moderate
CVE-2025-34076
was published
for
microweber/microweber
(Composer)
Jul 2, 2025
ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions
Moderate
CVE-2025-53359
was published
for
ethereum
(Rust)
Jul 2, 2025
junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener
Moderate
CVE-2025-53103
was published
for
org.junit.platform:junit-platform-reporting
(Maven)
Jul 1, 2025
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix
High
CVE-2025-53110
was published
for
@modelcontextprotocol/server-filesystem
(npm)
Jul 1, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling
High
CVE-2025-53109
was published
for
@modelcontextprotocol/server-filesystem
(npm)
Jul 1, 2025
juju/utils leaks private key in certs
Moderate
CVE-2025-6224
was published
for
github.com/juju/utils/v4/cert
(Go)
Jul 1, 2025
Pillow vulnerability can cause write buffer overflow on BCn encoding
High
CVE-2025-48379
was published
for
pillow
(pip)
Jul 1, 2025
Graylog vulnerable to privilege escalation through API tokens
High
CVE-2025-53106
was published
for
org.graylog2:graylog2-server
(Maven)
Jun 30, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools
High
CVE-2025-53107
was published
for
@cyanheads/git-mcp-server
(npm)
Jun 30, 2025
Electron vulnerable to Heap Buffer Overflow in NativeImage
Moderate
CVE-2024-46993
was published
for
electron
(npm)
Jun 30, 2025
Conductor vulnerable to OS command injection through unrestricted access to Java classes
Critical
CVE-2025-26074
was published
for
org.conductoross:conductor-core
(Maven)
Jun 30, 2025
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)
Low
CVE-2025-45143
was published
for
string-math
(npm)
Jun 30, 2025
Mattermost Incorrect Authorization vulnerability
Moderate
CVE-2025-46702
was published
for
github.com/mattermost/mattermost-server
(Go)
Jun 30, 2025
Mattermost Incorrect Authorization vulnerability
Moderate
CVE-2025-47871
was published
for
github.com/mattermost/mattermost-server
(Go)
Jun 30, 2025
electron ASAR Integrity bypass by just modifying the content
High
CVE-2024-46992
was published
for
electron
(npm)
Jun 30, 2025
Babylon vulnerable to chain half when transaction has fees different than `ubbn`
High
GHSA-56j4-446m-qrf6
was published
for
github.com/babylonlabs-io/babylon/v2
(Go)
Jun 30, 2025
Janssen Config API returns results without scope verification
High
CVE-2025-53003
was published
for
io.jans:jans-config-api-server
(Maven)
Jun 30, 2025
File Browser vulnerable to insecure password handling
Moderate
CVE-2025-52997
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
File Browser's password protection of links is bypassable
Low
CVE-2025-52996
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
ProTip!
Advisories are also available from the
GraphQL API