GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,071 advisories

Withdrawn Advisory: Netty vulnerability included in redis lettuce Moderate
GHSA-q4h9-7rxj-7gx2 was published for io.lettuce:lettuce-core (Maven) Dec 2, 2024 withdrawn
gmcallister-r7 SteffenGabel
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Field-level security issue with .keyword fields in OpenSearch Moderate
CVE-2023-23613 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-22449 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
stevebeattie
Mongoose search injection vulnerability Critical
CVE-2025-23061 was published for mongoose (npm) Jan 15, 2025
Crayfish allows Remote Code Execution via Homarus Authorization header Critical
GHSA-mm6v-68qp-f9fw was published for islandora/crayfish (Composer) Jan 15, 2025
seth-shaw-asu adam-vessey
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
Server-Side Forgery Request can be activated unmarshalling with XStream Moderate
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
vulnerability-analyst
SP1 has missing verifier checks and fiat-shamir observations High
GHSA-c873-wfhp-wx5m was published for sp1-stark (Rust) Jan 15, 2025
Mattermost fails to properly validate post props Moderate
CVE-2025-20088 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Navidrome Stores JWT Secret in Plaintext in navidrome.db High
CVE-2024-56362 was published for github.com/navidrome/navidrome (Go) Dec 23, 2024
saisathvik1
Git LFS permits exfiltration of credentials via crafted HTTP URLs High
CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go) Jan 14, 2025
Ry0taK
Mattermost Incorrect Type Conversion or Cast Moderate
CVE-2025-21088 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Mattermost fails to properly validate post props Moderate
CVE-2025-20086 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Insecure Temporary File in RESTEasy Moderate
CVE-2023-0482 was published for org.jboss.resteasy:resteasy-core (Maven) Jan 15, 2025
Duplicate Advisory: Insecure Temporary File in RESTEasy Moderate
GHSA-jrmh-v64j-mjm9 was published for org.jboss.resteasy:resteasy-core (Maven) Feb 18, 2023 withdrawn
dovezp
Segfault via invalid attributes in `pywrap_tfe_src.cc` Moderate
CVE-2022-41889 was published for tensorflow (pip) Nov 21, 2022
vulnerability-analyst
TYPO3 Potential Open Redirect via Parsing Differences Moderate
CVE-2024-55892 was published for typo3/cms-core (Composer) Jan 14, 2025
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER Low
CVE-2025-0343 was published for github.com/apple/swift-asn1 (Swift) Jan 14, 2025
baarde
Silverstripe Framework has a XSS in form messages Moderate
CVE-2024-53277 was published for silverstripe/framework (Composer) Jan 14, 2025
Silverstripe Framework has a XSS via insert media remote file oembed Moderate
CVE-2024-47605 was published for silverstripe/framework (Composer) Jan 14, 2025
Django has a potential denial-of-service vulnerability in IPv6 validation Moderate
CVE-2024-56374 was published for Django (pip) Jan 14, 2025
Silverpeas Core Cross-site Scripting vulnerability Moderate
CVE-2024-39031 was published for org.silverpeas.core:silverpeas-core-rs (Maven) Jul 9, 2024
binary-1024
Silverpeas Core vulnerable to Cross Site Scripting Moderate
CVE-2024-29392 was published for org.silverpeas.core:silverpeas-core (Maven) May 22, 2024
binary-1024
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP High
CVE-2017-7561 was published for org.jboss.resteasy:resteasy-jaxrs (Maven) May 13, 2022
binary-1024