GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31,556 advisories

TYPO3 Potential Open Redirect via Parsing Differences Moderate
CVE-2024-55892 was published for typo3/cms-core (Composer) Jan 14, 2025
Credited to zer0yu
TYPO3 Information Disclosure via Exception Handling/Logger Low
CVE-2024-55891 was published for typo3/cms-install (Composer) Jan 14, 2025
Credited to ohader
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
Credited to miparnisari
Denial of Service in Keycloak Server via Security Headers Moderate
CVE-2024-11734 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
Keycloak allows unrestricted admin use of system and environment variables Moderate
CVE-2024-11736 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
Credited to shawkins
jte's HTML templates containing Javascript template strings are subject to XSS Moderate
CVE-2025-23026 was published for gg.jte:jte (Maven) Jan 13, 2025
Credited to Petersoj
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package Low
GHSA-mgr7-5782-6jh9 was published for Umbraco.Headless.Client.Net (NuGet) Jan 13, 2025
notation-go's timestamp signature generation lacks certificate revocation check Moderate
CVE-2024-56138 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Credited to Faeris95
notation-go has an OS error when setting CRL cache leads to denial of signature verification Low
CVE-2024-51491 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Credited to Faeris95, JeyJeyGao, and shizhMSFT
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33298 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33299 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33297 was published for microweber/microweber (Composer) Jan 10, 2025
Vaultwarden vulnerable to user impersonation High
CVE-2024-55225 was published for vaultwarden (Rust) Jan 9, 2025
Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability Low
CVE-2024-55226 was published for vaultwarden (Rust) Jan 9, 2025
Vaultwarden HTML injection vulnerability Low
CVE-2024-55224 was published for vaultwarden (Rust) Jan 9, 2025
Drupal Open Social allows Functionality Misuse Moderate
CVE-2024-13274 was published for goalgorilla/open_social (Composer) Jan 9, 2025
Credited to jamietdavidson, bellini666, and patrick91
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh Low
CVE-2025-22149 was published for github.com/MicahParks/jwkset (Go) Jan 9, 2025
Credited to rohitkoul
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-22449 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
Credited to stevebeattie
pgAdmin has Incorrect Default Permissions High
CVE-2023-1907 was published for pgadmin4 (pip) Jan 9, 2025
Mattermost Improper Validation of Specified Type of Input vulnerability Moderate
CVE-2025-20033 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
Mattermost has Improper Check for Unusual or Exceptional Conditions Low
CVE-2025-22445 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
Duplicate Advisory: Stored XSS in REDAXO Moderate
GHSA-mfx6-jvw8-53fm was published for redaxo/redaxo (Composer) Jan 9, 2025 withdrawn
GHSL-2024-288: SickChill open redirect in login Low
CVE-2024-53995 was published for sickchill (pip) Jan 8, 2025
Composio Command Execution vulnerability Moderate
CVE-2024-53526 was published for composio-claude (pip) Jan 8, 2025