Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,271 advisories

Loading
Vitest browser mode serves arbitrary files Moderate
CVE-2025-24963 was published for @vitest/browser (npm) Feb 4, 2025
sapphi-red
wasmvm: Malicious smart contract can slow down block production Moderate
GHSA-mx2j-7cmv-353c was published for cosmwasm-vm (Go) Feb 4, 2025
wasmvm: Malicious smart contract can crash the chain Moderate
GHSA-23qp-3c2m-xx6w was published for github.com/CosmWasm/wasmvm (Go) Feb 4, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Moderate
CVE-2025-24860 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Moderate
CVE-2025-23015 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
ZX Allows Environment Variable Injection for dotenv API Moderate
CVE-2025-24959 was published for zx (npm) Feb 3, 2025
arkark
Browsershot Improper Input Validation vulnerability Moderate
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Browsershot Local File Inclusion Moderate
CVE-2024-21544 was published for spatie/browsershot (Composer) Dec 13, 2024
CometBFT allows a malicious peer to make node stuck in blocksync Moderate
CVE-2025-24371 was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
unknownfeature
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpspreadsheet (Composer) Feb 3, 2025
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends Moderate
CVE-2025-24961 was published for org.gaul:s3proxy (Maven) Feb 3, 2025
xbow-security
rust-openssl ssl::select_next_proto use after free Moderate
CVE-2025-24898 was published for openssl (Rust) Feb 3, 2025
mmastrac
parse-uri Regular expression Denial of Service (ReDoS) Moderate
CVE-2024-36751 was published for parse-uri (npm) Jan 16, 2025
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
Heap buffer overflow in CefSharp Moderate
CVE-2020-15999 was published for CefSharp.Common (NuGet) Oct 27, 2020
CycloneDX cdxgen may execute code contained within build-related files Moderate
CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
prabhu
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Composio Command Execution vulnerability Moderate
CVE-2024-53526 was published for composio-claude (pip) Jan 8, 2025
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Moderate
CVE-2024-11741 was published for github.com/grafana/grafana (Go) Jan 31, 2025
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database