GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,809
Pub
12
RubyGems
928
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,142 advisories
Filter by severity
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Critical
CVE-2025-53836
was published
for
org.xwiki.rendering:xwiki-rendering-transformation-macro
(Maven)
Jul 14, 2025
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
Critical
CVE-2025-53835
was published
for
org.xwiki.rendering:xwiki-rendering-syntax-xhtml
(Maven)
Jul 14, 2025
LaRecipe is vulnerable to Server-Side Template Injection attacks
Critical
CVE-2025-53833
was published
for
binarytorch/larecipe
(Composer)
Jul 14, 2025
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
Low
CVE-2025-53643
was published
for
aiohttp
(pip)
Jul 14, 2025
Indico vulnerability allows attackers to bulk dump user details
Moderate
CVE-2025-53640
was published
for
indico
(pip)
Jul 14, 2025
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
High
CVE-2025-53623
was published
for
job-iteration
(RubyGems)
Jul 14, 2025
Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build
High
CVE-2025-53689
was published
for
org.apache.jackrabbit:jackrabbit-core
(Maven)
Jul 14, 2025
py-libp2p is vulnerable to DoS attacks through use of large RSA keys
Moderate
CVE-2025-29606
was published
for
libp2p
(pip)
Jul 14, 2025
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
Moderate
CVE-2025-53865
was published
for
roundup
(pip)
Jul 13, 2025
Apache Zeppelin exposes server resources to unauthenticated attackers
High
CVE-2024-41169
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Jul 12, 2025
static-alloc vulnerability leads to uninitialized read after allocating MemBump
Low
GHSA-xrrq-rrgq-h89w
was published
for
static-alloc
(Rust)
Jul 11, 2025
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
High
CVE-2025-30402
was published
for
executorch
(pip)
Jul 11, 2025
Better Call routing bug can lead to Cache Deception
Moderate
GHSA-hq75-xg7r-rx6c
was published
for
better-call
(npm)
Jul 11, 2025
phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function
Moderate
CVE-2025-52994
was published
for
james-heinrich/phpthumb
(Composer)
Jul 11, 2025
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Moderate
CVE-2025-48924
was published
for
commons-lang:commons-lang
(Maven)
Jul 11, 2025
Transformers is vulnerable to ReDoS attack through its DonutProcessor class
Moderate
CVE-2025-3933
was published
for
transformers
(pip)
Jul 11, 2025
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON
Moderate
CVE-2025-53864
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Jul 11, 2025
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Moderate
CVE-2025-53506
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Jul 10, 2025
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Moderate
CVE-2025-52434
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Jul 10, 2025
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
Moderate
CVE-2025-52520
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Jul 10, 2025
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout
High
CVE-2025-53634
was published
for
github.com/ctfer-io/chall-manager
(Go)
Jul 10, 2025
Chall-Manager's scenario decoding process does not check for zip bombs
High
CVE-2025-53633
was published
for
github.com/ctfer-io/chall-manager
(Go)
Jul 10, 2025
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive
High
CVE-2025-53632
was published
for
github.com/ctfer-io/chall-manager
(Go)
Jul 10, 2025
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation
Moderate
CVE-2025-53626
was published
for
@pdfme/common
(npm)
Jul 10, 2025
Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation
Moderate
CVE-2025-53549
was published
for
matrix-sdk
(Rust)
Jul 10, 2025
ProTip!
Advisories are also available from the
GraphQL API