Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,589 advisories

Loading
Jenkins discloses project names via fingerprints High
CVE-2015-5317 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
ESPHome vulnerable to remote code execution via arbitrary file write High
CVE-2024-27081 was published for esphome (pip) Mar 1, 2024
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
SFTPGo has insufficient sanitization of user provided rsync command High
CVE-2025-24366 was published for github.com/drakkan/sftpgo (Go) Feb 7, 2025
ateamjkr
Undertow incorrectly parses cookies High
CVE-2023-4639 was published for io.undertow:undertow-core (Maven) Nov 17, 2024
Improper Input Validation in Apache Struts High
CVE-2006-1547 was published for struts:struts (Maven) May 1, 2022
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion High
CVE-2025-24787 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee modelorona
hkdeman
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
RDIL
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling High
CVE-2024-12397 was published for io.quarkus.http:quarkus-http-core (Maven) Dec 12, 2024
@rpldy/uploader prototype pollution High
CVE-2024-57082 was published for @rpldy/uploader (npm) Feb 6, 2025
vxe-table prototype pollution High
CVE-2024-57080 was published for vxe-table (npm) Feb 6, 2025
@zag-js/core prototype pollution High
CVE-2024-57079 was published for @zag-js/core (npm) Feb 6, 2025
module-from-string prototype pollution High
CVE-2024-57072 was published for module-from-string (npm) Feb 6, 2025
@tanstack/form-core prototype pollution High
CVE-2024-57068 was published for @tanstack/form-core (npm) Feb 6, 2025
@ndhoule/defaults prototype pollution High
CVE-2024-57066 was published for @ndhoule/defaults (npm) Feb 6, 2025
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
gronke mhils
pgAdmin has Incorrect Default Permissions High
CVE-2023-1907 was published for pgadmin4 (pip) Jan 9, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Netplex Json-smart Uncontrolled Recursion vulnerability High
CVE-2024-57699 was published for net.minidev:json-smart (Maven) Feb 6, 2025
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override High
CVE-2024-26130 was published for cryptography (pip) Feb 21, 2024
Alexander-Programming cd-work
Contrast's unauthenticated recovery allows Coordinator impersonation High
GHSA-vqv5-385r-2hf8 was published for github.com/edgelesssys/contrast (Go) Feb 5, 2025
3u13r burgerdev
katexochen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database