Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,350 advisories

Loading
React Router allows pre-render data spoofing on React-Router framework mode High
CVE-2025-43865 was published for react-router (npm) Apr 24, 2025
cold-try mhassan1
React Router allows a DoS via cache poisoning by forcing SPA mode High
CVE-2025-43864 was published for react-router (npm) Apr 24, 2025
cold-try
h11 accepts some malformed Chunked-Encoding bodies Critical
CVE-2025-43859 was published for h11 (pip) Apr 24, 2025
JeppW
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF High
CVE-2024-4367 was published for pdfjs-dist (npm) May 7, 2024
ThomasRinsma
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
Kubernetes did not effectively clear service account credentials High
CVE-2019-11243 was published for k8s.io/kubernetes (Go) May 24, 2022
awsactran
Apache HttpClient disables domain checks High
CVE-2025-27820 was published for org.apache.httpcomponents.client5:httpclient5 (Maven) Apr 24, 2025
OpenMetadata SQL Injection High
CVE-2024-55238 was published for org.open-metadata:openmetadata-service (Maven) Apr 17, 2025
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Mattermost Playbooks fails to properly validate permissions Low
CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type Moderate
CVE-2025-41395 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions Moderate
CVE-2025-35965 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
tRPC 11 WebSocket DoS Vulnerability High
CVE-2025-43855 was published for @trpc/server (npm) Apr 24, 2025
lukechilds
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
CVE-2025-46417 was published for picklescan (pip) Apr 7, 2025
david3107
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate Moderate
GHSA-4p4h-9gvq-7xfg was published for picklescan (pip) Apr 24, 2025 withdrawn
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
Vyper Does Not Check the Success of Certain Precompile Calls Low
CVE-2025-21607 was published for vyper (pip) Jan 14, 2025
ritzdorf vasinicola
trocher
LMDeploy Improper Input Validation Vulnerability Moderate
CVE-2025-3162 was published for lmdeploy (pip) Apr 3, 2025
Moodle reflected XSS via H5P error message Moderate
CVE-2024-43439 was published for moodle/moodle (Composer) Nov 11, 2024
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py Moderate
GHSA-f2f7-gj54-6vpv was published for llamafactory (pip) Apr 23, 2025
Anchor0221 xhjy2020
PostHog Plugin Server SQL Injection Vulnerability High
CVE-2025-1520 was published for @posthog/plugin-server (npm) Apr 23, 2025
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability Critical
CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
InternLM LMDeploy code injection vulnerability Moderate
CVE-2025-3163 was published for lmdeploy (pip) Apr 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database