Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,335 advisories

Loading
Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-95j3-435g-vjcp was published for leantime/leantime (Composer) Feb 21, 2025
brent-hopkins hugo-guzman
Exiv2 allows Use After Free Moderate
CVE-2025-26623 was published for Exiv2 (pip) Feb 21, 2025
Marsman1996
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Leantime has Host Header Injection Vulnerability Moderate
GHSA-99r5-84gr-59f6 was published for leantime/leantime (Composer) Feb 21, 2025
anim-29
lakeFS allows an authenticated user to cause a crash by exhausting server memory Moderate
CVE-2025-27100 was published for github.com/treeverse/lakefs (Go) Feb 21, 2025
arielshaqed ItamarYuran
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package Moderate
CVE-2025-25299 was published for @ckeditor/ckeditor5-real-time-collaboration (npm) Feb 20, 2025
AutoQueryable leaks sensitive information Moderate
CVE-2024-57716 was published for AutoQueryable (NuGet) Feb 20, 2025
Kwik hash collision vulnerability Moderate
CVE-2025-23020 was published for tech.kwik:kwik (Maven) Feb 20, 2025
SSRF in sliver teamserver Moderate
CVE-2025-27090 was published for github.com/bishopfox/sliver (Go) Feb 19, 2025
chebuya
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens Moderate
CVE-2025-26620 was published for Duende.AccessTokenManagement (NuGet) Feb 19, 2025
Directus allows updates to non-allowed fields due to overlapping policies Moderate
CVE-2025-27089 was published for @directus/api (npm) Feb 19, 2025
hanneskuettner
Keycloak allows Incorrect Assignment of an Organization to a User Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0 Moderate
CVE-2025-1057 was published for keylime (pip) Feb 14, 2025
ansasaki
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25290 was published for @octokit/request (npm) Feb 14, 2025
ShiyuBanzhou MaikelvandenHurk-TomTom
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25289 was published for @octokit/request-error (npm) Feb 14, 2025
ShiyuBanzhou
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25288 was published for @octokit/plugin-paginate-rest (npm) Feb 14, 2025
ShiyuBanzhou MaikelvandenHurk-TomTom
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25285 was published for @octokit/endpoint (npm) Feb 14, 2025
ShiyuBanzhou
Vega allows Cross-site Scripting via the vlSelectionTuples function Moderate
CVE-2025-25304 was published for vega (npm) Feb 14, 2025
FallingPineapples domoritz
`gh attestation verify` returns incorrect exit code during verification if no attestations are present Moderate
CVE-2025-25204 was published for github.com/cli/cli/v2 (Go) Feb 14, 2025
codysoyland phillmv
kommendorkapten jkylekelly
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint Moderate
CVE-2025-25296 was published for label-studio (pip) Feb 14, 2025
xbow-security
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database