Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,699
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,941
NuGet
708
pip
3,708
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,579 advisories

Loading
samlify SAML Signature Wrapping attack Critical
CVE-2025-47949 was published for samlify (npm) May 19, 2025
ahacker1-securesaml
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes Moderate
CVE-2025-47946 was published for symfony/ux-live-component (Composer) May 19, 2025
DRaichev mhlozek
smnandre
Multer vulnerable to Denial of Service from maliciously crafted requests High
CVE-2025-47944 was published for multer (npm) May 19, 2025
max-mathieu wesleytodd
ctcpip UlisesGascon marco-ippolito
Multer vulnerable to Denial of Service via memory leaks from unclosed streams High
CVE-2025-47935 was published for multer (npm) May 19, 2025
ctcpip UlisesGascon
OpenPGP.js's message signature verification can be spoofed High
CVE-2025-47934 was published for openpgp (npm) May 19, 2025
CodeanIO
Gardener allows metadata injection for a project secret which can lead to privilege escalation Critical
CVE-2025-47284 was published for github.com/gardener/gardener (Go) May 19, 2025
Gardener allows bypassing project secret validation which can lead to privilege escalation Critical
CVE-2025-47283 was published for github.com/gardener/gardener (Go) May 19, 2025
Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation Critical
CVE-2025-47282 was published for github.com/gardener/external-dns-management (Go) May 19, 2025
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write High
CVE-2025-47273 was published for setuptools (pip) May 19, 2025
SCH227
Cocotais Bot has builtin .echo command injection Moderate
CVE-2025-47948 was published for cocotais-bot (npm) May 19, 2025
Destroyed-Dream
LibreNMS stored Cross-site Scripting vulnerability in poller group name Low
CVE-2025-47931 was published for librenms/librenms (Composer) May 19, 2025
Fewword
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9fwj-9mjf-rhj3 was published for auth0/login (Composer) May 17, 2025
Sideni
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-2f4r-34m4-3w8q was published for auth0/wordpress (Composer) May 17, 2025
Sideni
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9wg9-93h9-j8ch was published for auth0/symfony (Composer) May 17, 2025
Sideni
Forgeable Encrypted Session Cookie in Apps Using Auth0-PHP SDK Critical
CVE-2025-47275 was published for auth0/auth0-php (Composer) May 16, 2025
Sideni
Flask-AppBuilder open redirect vulnerability using HTTP host injection Moderate
CVE-2025-32962 was published for flask-appbuilder (pip) May 16, 2025
mar0n0
SeaweedFS Vulnerable to SQL Injection Moderate
CVE-2024-40120 was published for github.com/seaweedfs/seaweedfs (Go) May 16, 2025
Vyper's `slice()` may elide side-effects when output length is 0 Low
CVE-2025-47774 was published for vyper (pip) May 16, 2025
Tornado vulnerable to excessive logging caused by malformed multipart form data High
CVE-2025-47287 was published for tornado (pip) May 16, 2025
Startr4ck
Vyper's `concat()` builtin may elide side-effects for zero-length arguments Low
CVE-2025-47285 was published for vyper (pip) May 16, 2025
th3anatomist
Ollama Server Vulnerable to Denial of Service (DoS) Attack High
CVE-2025-1975 was published for github.com/ollama/ollama (Go) May 16, 2025
lockfile-lint-api Vulnerable to Incorrect Behavior Order Moderate
CVE-2025-4759 was published for lockfile-lint-api (npm) May 16, 2025
Meteor Affected By Inefficient Regular Expression Complexity Moderate
CVE-2025-4727 was published for meteor (npm) May 16, 2025
Mattermost Fails to Check User Access to `ExperimentalSettings` Low
CVE-2025-2570 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database