GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
- All reviewed: 5,000+
- Composer: 4,968
- Erlang: 39
- GitHub Actions: 38
- Go: 2,616
- Maven: 5,000+
- npm: 4,255
- NuGet: 760
- pip: 4,040
- Pub: 12
- RubyGems: 953
- Rust: 1,050
- Swift: 45

Unreviewed advisories
- All unreviewed: 5,000+

1,623 advisories
                    
- URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+ (Low): CVE-2025-27221 was published for uri (RubyGems), Mar 3, 2025
- ImageMagick has a Memory Leak in magick stream (Low): CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet), Aug 25, 2025
- Apache Tomcat - CGI security constraint bypass (Low): CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), May 29, 2025
- Apache Tomcat Rewrite rule bypass (Low): CVE-2025-31651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Apr 28, 2025
- Symfony vulnerable to open redirect via browser-sanitized URLs (Low): CVE-2024-50345 was published for symfony/http-foundation (Composer), Nov 6, 2024
- Symfony has an incorrect response from Validator when input ends with `\n` (Low): CVE-2024-50343 was published for symfony/symfony (Composer), Nov 6, 2024
- Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks (Low): CVE-2024-6762 was published for org.eclipse.jetty:jetty-servlets (Maven), Oct 14, 2024
- AngularJS allows attackers to bypass common image source restrictions (Low): CVE-2024-8373 was published for angular (npm), Sep 9, 2024
- AngularJS allows attackers to bypass common image source restrictions (Low): CVE-2024-8372 was published for angular (npm), Sep 9, 2024
- send vulnerable to template injection that can lead to XSS (Low): CVE-2024-43799 was published for send (npm), Sep 10, 2024
- Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks (Low): CVE-2023-47641 was published for aiohttp (pip), Nov 14, 2023
- Shaman has soundness issues and is unmaintained (Low): GHSA-7vjm-6qgq-3mrq was published for shaman (Rust), Nov 3, 2025
- ImageMagick BlobStream Forward-Seek Under-Allocation (Low): CVE-2025-57807 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet), Sep 5, 2025
- ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash (Low): CVE-2025-55212 was published for Magick.NET-Q16-AnyCPU (NuGet), Aug 26, 2025
- ImageMagick has a Heap Buffer Overflow in InterpretImageFilename (Low): CVE-2025-53014 was published for Magick.NET-Q16-AnyCPU (NuGet), Aug 25, 2025
- AngularJS improperly sanitizes SVG elements (Low): CVE-2025-0716 was published for angular (npm), Apr 29, 2025
- tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter (Low): CVE-2025-54798 was published for tmp (npm), Aug 6, 2025
- Langchain-Chatchat vulnerable to path traversal (Low): CVE-2025-6854 was published for langchain-chatchat (pip), Jun 29, 2025
- Langchain-Chatchat vulnerable to path traversal (Low): CVE-2025-6855 was published for langchain-chatchat (pip), Jun 29, 2025
- Byaidu PDFMathTranslate vulnerable to open redirect (Low): CVE-2025-50736 was published for pdf2zh (pip), Oct 30, 2025
- Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode (Low): GHSA-cf57-c578-7jvv was published for github.com/TecharoHQ/anubis (Go), Oct 30, 2025
- Drupal Umami Analytics allows Cross-Site Scripting (XSS) (Low): CVE-2025-10931 was published for drupal/umami_analytics (Composer), Oct 30, 2025
- Keycloak allows access to admin path through flaw (Low): CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven), Oct 28, 2025
- Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences (Low): CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Oct 27, 2025
- Apache Tomcat Vulnerable to Improper Resource Shutdown or Release (Low): CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Oct 27, 2025
        
ProTip! Advisories are also available from the GraphQL API