Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,688
Erlang
34
GitHub Actions
26
Go
2,274
Maven
5,000+
npm
3,930
NuGet
706
pip
3,696
Pub
12
RubyGems
919
Rust
955
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,494 advisories

Loading
code-server's session cookie can be extracted by having user visit specially crafted proxy URL High
CVE-2025-47269 was published for code-server (npm) May 9, 2025
ring has some AES functions that may panic when overflow checking is enabled in Moderate
CVE-2025-4432 was published for ring (Rust) May 9, 2025
Apache Commons Configuration Uncontrolled Resource Consumption Low
CVE-2025-46392 was published for commons-configuration:commons-configuration (Maven) May 9, 2025
libsql-sqlite3-parser crash due to invalid UTF-8 input Low
CVE-2025-47736 was published for libsql-sqlite3-parser (Rust) May 9, 2025
trailer mishandles allocating with a size of zero Low
CVE-2025-47737 was published for trailer (Rust) May 9, 2025
wgp race condition in inner::drop Low
CVE-2025-47735 was published for wgp (Rust) May 9, 2025
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit High
CVE-2025-1948 was published for org.eclipse.jetty.http2:jetty-http2-common (Maven) May 8, 2025
bjorncs
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request High
CVE-2024-13009 was published for org.eclipse.jetty:jetty-server (Maven) May 8, 2025
maimaisie samjsong
nchudasmasumo lei-sumo
OpenStack Ironic fails to restrict paths used for file:// image URLs Low
CVE-2025-44021 was published for ironic (pip) May 8, 2025
fast_id_map has a soundness issue and is unmaintained Moderate
GHSA-4h96-mv53-2c86 was published for fast_id_map (Rust) May 8, 2025
Trix vulnerable to Cross-site Scripting on copy & paste Low
CVE-2025-46812 was published for trix (npm) May 8, 2025
Rack has an Unbounded-Parameter DoS in Rack::QueryParser High
CVE-2025-46727 was published for rack (RubyGems) May 8, 2025
TaiPhung217 jeremyevans
ioquatix
Rack session gets restored after deletion Moderate
CVE-2025-46336 was published for rack-session (RubyGems) May 8, 2025
stengineering0 jeremyevans
ioquatix
Rack session gets restored after deletion Moderate
CVE-2025-32441 was published for rack (RubyGems) May 8, 2025
stengineering0 jeremyevans
ioquatix
Django has a denial-of-service possibility in strip_tags() Moderate
CVE-2025-32873 was published for Django (pip) May 8, 2025
Craft CMS stores arbitrary content provided by unauthenticated users in session files Moderate
CVE-2025-35939 was published for craftcms/cms (Composer) May 8, 2025
Koillection Cross Site Scripting vulnerability Moderate
CVE-2025-29746 was published for koillection/koillection (Composer) May 7, 2025
JRuby-OpenSSL has hostname verification disabled by default Moderate
CVE-2025-46551 was published for org.jruby:jruby (Maven) May 7, 2025
mohamedhafez
Easy!Appointments Denial of Service (DoS) Moderate
CVE-2025-29448 was published for alextselegidis/easyappointments (Composer) May 7, 2025
Graylog Allows Session Takeover via Insufficient HTML Sanitization High
CVE-2025-46827 was published for org.graylog2:graylog2-server (Maven) May 7, 2025
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser High
GHSA-q9q2-3ppx-mwqf was published for org.graylog2:graylog2-server (Maven) May 7, 2025
scanner has a Public API without sufficient bounds checking Low
GHSA-79m9-55jc-p6mw was published for scanner (Rust) May 7, 2025
Mithril snapshots for Cardano database could be compromised by an adversary Moderate
GHSA-qv97-5qr8-2266 was published for mithril-client (Rust) May 7, 2025
Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Moderate
CVE-2025-27533 was published for org.apache.activemq:activemq-client (Maven) May 7, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
kevinroh-okta
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database