Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
Moodle has an arbitrary file read risk through pdfTeX High
CVE-2025-26525 was published for moodle/moodle (Composer) Feb 24, 2025
Apache Struts vulnerable to path traversal Critical
CVE-2023-50164 was published for org.apache.struts:struts2-core (Maven) Dec 7, 2023
yoshizawa-masatoshi henrikplate
Guava vulnerable to insecure use of temporary directory Moderate
CVE-2023-2976 was published for com.google.guava:guava (Maven) Jun 14, 2023
Sparkle Signing Checks Bypass High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025
Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Moderate
CVE-2024-45627 was published for org.apache.linkis:linkis-metadata-query-service-jdbc (Maven) Jan 14, 2025
SiYuan has an arbitrary file deletion vulnerability High
CVE-2025-21609 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 3, 2025
N0el4kLs
Gogs allows deletion of internal files Critical
CVE-2024-39931 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Duplicate Advisory: Gogs allows deletion of internal files Critical
GHSA-2vgj-3pvg-xh4w was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
laravel-s vulnerable to Local File Inclusion Critical
CVE-2023-29931 was published for hhxsv5/laravel-s (Composer) Jun 22, 2023
TCPDF Local File Inclusion vulnerability Moderate
CVE-2024-51058 was published for tecnickcom/tcpdf (Composer) Nov 26, 2024
Apache Linkis arbitrary file deletion vulnerability High
CVE-2024-27182 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Apache Linkis DataSource allows arbitrary file reading High
CVE-2023-41916 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Craft CMS Arbitrary System File Read High
CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024
pk2codes
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. Moderate
CVE-2024-49756 was published for ash_postgres (Erlang) Oct 23, 2024
maennchen rapidfsub
zachdaniel
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
Scrapy allows redirect following in protocols other than HTTP Moderate
GHSA-23j4-mw76-5v7h was published for Scrapy (pip) May 14, 2024
Pterodactyl Wings vulnerable to Arbitrary File Write/Read High
CVE-2024-34066 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
Drupal core access bypass vulnerability Moderate
CVE-2017-6922 was published for drupal/core (Composer) May 13, 2022
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database