Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

31,556 advisories

Loading
fast-fault has a segmentation fault due to lack of bound check Moderate
GHSA-8655-xgh5-5vvq was published for fast-float (Rust) Jan 29, 2025
fast-float2 has a segmentation fault due to lack of bound check Moderate
GHSA-jqcp-xc3v-f446 was published for fast-float2 (Rust) Jan 29, 2025
Snowflake.Data has weak temporary files permissions Moderate
CVE-2025-24788 was published for Snowflake.Data (NuGet) Jan 29, 2025
snowflake-connector-python vulnerable to SQL Injection in write_pandas High
CVE-2025-24793 was published for snowflake-connector-python (pip) Jan 29, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache Moderate
CVE-2025-24794 was published for snowflake-connector-python (pip) Jan 29, 2025
snowflake-connector-python vulnerable to insecure cache files permissions Moderate
CVE-2025-24795 was published for snowflake-connector-python (pip) Jan 29, 2025
kube-audit-rest's example logging configuration could disclose secret values in the audit log Moderate
CVE-2025-24884 was published for github.com/RichardoC/kube-audit-rest (Go) Jan 29, 2025
Withdrawn Advisory: github.com/hashicorp/yamux's DefaultConfig has dangerous defaults causing hung Read Moderate
GHSA-29qp-crvh-w22m was published for github.com/hashicorp/yamux (Go) Jan 29, 2025 withdrawn
finnigja Credited to finnigja
snowflake-sdk may incorrectly validate temporary credential cache file permissions Moderate
CVE-2025-24791 was published for snowflake-sdk (npm) Jan 29, 2025
Snowflake JDBC uses insecure temporary credential cache file permissions Moderate
CVE-2025-24790 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
Snowflake JDBC allows an untrusted search path on Windows High
CVE-2025-24789 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
Twig security issue where escaping was missing when using null coalesce operator Moderate
CVE-2025-24374 was published for twig/twig (Composer) Jan 29, 2025
PhilETaylor Credited to PhilETaylor and fabpot fabpot fabpot
RuoYi has insecure permissions Moderate
CVE-2024-57438 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring High
CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
RuoYi vulnerable to Denial of Service by attackers with admin privileges Moderate
CVE-2024-57439 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
Apache Hive Incorrectly Assigns Permissions for a Critical Resource Moderate
CVE-2024-29869 was published for org.apache.hive:hive-exec (Maven) Jan 29, 2025
Potential DoS when using ContextLines integration Low
GHSA-r5w7-f542-q2j4 was published for @sentry/astro (npm) Jan 28, 2025
mstrokin Credited to mstrokin
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
pimcore/customer-data-framework vulnerable to SQL Injection Moderate
CVE-2024-11956 was published for pimcore/customer-management-framework-bundle (Composer) Jan 28, 2025
maeitsec Credited to maeitsec
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document High
CVE-2024-11954 was published for pimcore/pimcore (Composer) Jan 28, 2025
maeitsec Credited to maeitsec
OpenShift GitOps Operator Namespace Isolation Break High
CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025
svghadi Credited to svghadi
ismp-grandpa crate accepted incorrect signatures Critical
CVE-2025-24800 was published for grandpa-verifier (Rust) Jan 28, 2025
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate Moderate
GHSA-8m8m-98c9-vw7q was published for pimcore/customer-data-framework (Composer) Jan 28, 2025 withdrawn
Duplicate Advisory: Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document Moderate
GHSA-8m2r-x2m2-3wmw was published for pimcore/pimcore (Composer) Jan 28, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database