Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,920 advisories

Loading
React Router allows pre-render data spoofing on React-Router framework mode High
CVE-2025-43865 was published for react-router (npm) Apr 24, 2025
cold-try mhassan1
React Router allows a DoS via cache poisoning by forcing SPA mode High
CVE-2025-43864 was published for react-router (npm) Apr 24, 2025
cold-try
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF High
CVE-2024-4367 was published for pdfjs-dist (npm) May 7, 2024
ThomasRinsma
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Kubernetes did not effectively clear service account credentials High
CVE-2019-11243 was published for k8s.io/kubernetes (Go) May 24, 2022
awsactran
Apache HttpClient disables domain checks High
CVE-2025-27820 was published for org.apache.httpcomponents.client5:httpclient5 (Maven) Apr 24, 2025
OpenMetadata SQL Injection High
CVE-2024-55238 was published for org.open-metadata:openmetadata-service (Maven) Apr 17, 2025
tRPC 11 WebSocket DoS Vulnerability High
CVE-2025-43855 was published for @trpc/server (npm) Apr 24, 2025
lukechilds
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
CVE-2025-46417 was published for picklescan (pip) Apr 7, 2025
david3107
PostHog Plugin Server SQL Injection Vulnerability High
CVE-2025-1520 was published for @posthog/plugin-server (npm) Apr 23, 2025
org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API High
CVE-2025-32968 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 23, 2025
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
Traefik has a possible vulnerability with the path matchers High
CVE-2025-32431 was published for github.com/traefik/traefik (Go) Apr 21, 2025
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Apache Struts forced double OGNL evaluation High
CVE-2016-4461 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Luracast Restler directory traversal vulnerability High
CVE-2017-15363 was published for aoe/restler (Composer) May 13, 2022
Apache Wicket vulnerable to CSRF attacks High
CVE-2016-6806 was published for org.apache.wicket:wicket-core (Maven) May 17, 2022
Apache Wicket insecure defaults High
CVE-2014-7808 was published for org.apache.wicket:wicket-core (Maven) May 13, 2022
Apache Brooklyn is vulnerable to cross-site request forgery (CSRF) High
CVE-2016-8737 was published for org.apache.brooklyn:brooklyn-jsgui (Maven) May 17, 2022
OpenEXR invalid write High
CVE-2017-9111 was published for OpenEXR (pip) May 13, 2022
MODX Revolution allows overwriting .htaccess High
CVE-2017-9069 was published for modx/revolution (Composer) May 17, 2022
MODX Revolution Directory Traversal Vulnerability High
CVE-2017-9067 was published for modx/revolution (Composer) May 17, 2022
MantisBT allows arbitrary password reset High
CVE-2017-7615 was published for mantisbt/mantisbt (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database