Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

31,556 advisories

Loading
Envoy Admin Interface Exposed through prometheus metrics endpoint High
CVE-2025-24030 was published for github.com/envoyproxy/gateway (Go) Jan 23, 2025
guydc Credited to guydc
try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter High
CVE-2025-22153 was published for RestrictedPython (pip) Jan 23, 2025
icemac Credited to icemac, Nico-Posada, dataflake, and tseaver Nico-Posada Nico-Posada
dataflake dataflake tseaver tseaver
Apache Wicket: An attacker can intentionally trigger a memory leak Moderate
CVE-2024-53299 was published for org.apache.wicket:wicket-core (Maven) Jan 23, 2025
raboof Credited to raboof
phpMyAdmin XSS when checking tables Moderate
CVE-2025-24530 was published for phpmyadmin/phpmyadmin (Composer) Jan 23, 2025
Cross site scripting in Silverpeas Core Moderate
CVE-2024-56923 was published for org.silverpeas.core:silverpeas-core (Maven) Jan 22, 2025
Missing permission checks in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin Moderate
CVE-2025-24401 was published for io.jenkins.plugins:folder-auth (Maven) Jan 22, 2025
Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting Moderate
CVE-2024-55488 was published for Umbraco.Cms.Infrastructure (NuGet) Jan 22, 2025 withdrawn
AndyButland Credited to AndyButland
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL High
CVE-2025-24398 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Jan 22, 2025
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin Moderate
CVE-2025-24400 was published for com.axis.jenkins.plugins.eiffel:eiffel-broadcaster (Maven) Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template Moderate
CVE-2025-24027 was published for prestashop/ps_contactinfo (Composer) Jan 22, 2025
Cilium has an information leakage via insecure default Hubble UI CORS header Moderate
CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
DoS in Cilium agent DNS proxy from crafted DNS responses Moderate
CVE-2025-23028 was published for github.com/cilium/cilium (Go) Jan 22, 2025
bimmlerd Credited to bimmlerd and kokelley-cisco kokelley-cisco kokelley-cisco
Duplicate Advisory: Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
GHSA-m3hp-8546-5qmr was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025 withdrawn
Apache Ranger UI vulnerable to Server Side Request Forgery Critical
CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page Moderate
CVE-2024-45478 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
Property reflection in System.Linq.Dynamic.Core High
CVE-2024-51417 was published for System.Linq.Dynamic.Core (NuGet) Jan 21, 2025
larsk2009 Credited to larsk2009
XSS/HTML Injection Vulnerability in Umbraco Preview Badge Moderate
CVE-2024-10761 was published for Umbraco.Cms (NuGet) Jan 21, 2025
kushkira Credited to kushkira
Buildah allows build breakout using malicious Containerfiles and concurrent builds High
CVE-2024-11218 was published for github.com/containers/buildah (Go) Jan 21, 2025
eriksjolund Credited to eriksjolund
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
MathLive's Lack of Escaping of HTML allows for XSS Moderate
CVE-2025-29049 was published for mathlive (npm) Jan 21, 2025
nsysean Credited to nsysean and arnog arnog arnog
Missing validation of header name and value in codeigniter4/framework Moderate
CVE-2025-24013 was published for codeigniter4/framework (Composer) Jan 21, 2025
neznaika0 Credited to neznaika0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database