GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
22,242 advisories
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
High
GHSA-6jrf-4jv4-r9mw
was published
for
tendermint-light-client-verifier
(Rust)
Apr 9, 2025
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
Moderate
CVE-2025-32379
was published
for
koa
(npm)
Apr 9, 2025
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
Critical
CVE-2025-32375
was published
for
bentoml
(pip)
Apr 9, 2025
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
Moderate
CVE-2025-32372
was published
for
DotNetNuke.Core
(NuGet)
Apr 9, 2025
bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
Moderate
CVE-2025-32025
was published
for
github.com/bep/imagemeta
(Go)
Apr 9, 2025
bep/imagemeta allows excessively large EXIF data structures
Moderate
CVE-2025-32024
was published
for
github.com/bep/imagemeta
(Go)
Apr 9, 2025
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
High
CVE-2025-32017
was published
for
Umbraco.Cms
(NuGet)
Apr 9, 2025
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use
Moderate
GHSA-wr2m-38xh-rpc9
was published
for
lemmy_server
(Rust)
Apr 8, 2025
Shopware allows Denial Of Service via password length
High
CVE-2025-30151
was published
for
shopware/core
(Composer)
Apr 8, 2025
Shopware 6 allows attackers to check for registered accounts through the store-api
Moderate
CVE-2025-30150
was published
for
shopware/core
(Composer)
Apr 8, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit()
Moderate
GHSA-v7x6-rv5q-mhwc
was published
for
picklescan
(pip)
Apr 7, 2025
estree-util-value-to-estree allows prototype pollution in generated ESTree
Moderate
CVE-2025-32014
was published
for
estree-util-value-to-estree
(npm)
Apr 7, 2025
ProTip!
Advisories are also available from the
GraphQL API