Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,537 advisories

Loading
qcp has possible crash/DOS in some build configurations Moderate
GHSA-fmwf-c46w-r8qm was published for qcp (Rust) Mar 8, 2025
Open redirect in web2py Moderate
CVE-2023-22432 was published for web2py (pip) Mar 6, 2023
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Crash due to uncontrolled recursion in protobuf crate Moderate
GHSA-2gh3-rmm4-6rq5 was published for protobuf (Rust) Mar 7, 2025
Horcrux Double Sign Possibility High
GHSA-6wxf-7784-62fp was published for github.com/strangelove-ventures/horcrux/v3 (Go) Mar 7, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public High
CVE-2025-27604 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations Critical
CVE-2025-27603 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
Vue I18n Allows Prototype Pollution in `handleFlatJson` High
CVE-2025-27597 was published for @intlify/core (npm) Mar 7, 2025
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB High
CVE-2023-29005 was published for Flask-AppBuilder (pip) Apr 10, 2023
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Flask-AppBuilder Open Redirect vulnerability Moderate
CVE-2021-32805 was published for Flask-AppBuilder (pip) Sep 8, 2021
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2021-29621 was published for Flask-AppBuilder (pip) May 27, 2021
Some AES functions may panic when overflow checking is enabled in ring Moderate
GHSA-4p46-pwfr-66x6 was published for ring (Rust) Mar 7, 2025
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability High
CVE-2025-24043 was published for dotnet-debugger-extensions (NuGet) Mar 7, 2025
hoyosjs
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Eclipse Jetty has a denial of service vulnerability on DosFilter Moderate
CVE-2024-9823 was published for org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) Oct 14, 2024
Eclipse Jetty URI parsing of invalid authority Moderate
CVE-2024-6763 was published for org.eclipse.jetty:jetty-http (Maven) Oct 14, 2024
zer0yu
Out-of-bounds Write in SixLabors ImageSharp High
CVE-2025-27598 was published for SixLabors.ImageSharp (NuGet) Mar 6, 2025
andreas-eriksson
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas paulblei
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
Django vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2025-26699 was published for Django (pip) Mar 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database