Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,231
Maven
5,000+
npm
3,897
NuGet
701
pip
3,664
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,242 advisories

Loading
Apollo Compiler Named Fragment Processing Vulnerability High
CVE-2025-31496 was published for apollo-compiler (Rust) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32031 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32030 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing High
CVE-2025-32380 was published for apollo-router (Rust) Apr 7, 2025
yo-artyom
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow High
CVE-2025-32033 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32034 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32032 was published for apollo-router (Rust) Apr 7, 2025
FlowiseDB vulnerable to SQL Injection by authenticated users Moderate
GHSA-9c4c-g95m-c8cp was published for flowise (npm) Apr 7, 2025
Tribal1012
Picklescan failed to detect to some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
GHSA-93mv-x874-956g was published for picklescan (pip) Apr 7, 2025
david3107
js-object-utilities Vulnerable to Prototype Pollution High
CVE-2025-28269 was published for js-object-utilities (npm) Apr 7, 2025
tariqhawis
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback Critical
CVE-2025-32013 was published for lnbits (pip) Apr 7, 2025
xbow-security
tarteaucitron.js allows url scheme injection via unfiltered inputs Moderate
CVE-2025-31476 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
Jujutsu does not have SHA-1 collision detection Moderate
GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) Apr 7, 2025
emilazy
tarteaucitron.js allows prototype pollution via custom text injection Moderate
CVE-2025-31475 was published for tarteaucitronjs (npm) Apr 7, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection Moderate
CVE-2025-31138 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025
Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
CVE-2025-3248 was published for langflow (pip) Apr 7, 2025
Apache Airflow Common SQL Provider Vulnerable to SQL Injection High
CVE-2025-30473 was published for apache-airflow-providers-common-sql (pip) Apr 7, 2025
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` Moderate
GHSA-4fcv-w3qc-ppgg was published for openssl (Rust) Apr 4, 2025
gitoxide does not detect SHA-1 collision attacks Moderate
CVE-2025-31130 was published for gitoxide (Rust) Apr 4, 2025
emilazy EliahKagan
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization Critical
CVE-2025-27520 was published for bentoml (pip) Apr 4, 2025
c2an1
MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
owainkenwayucl AndEsterson
harshavardhana
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths Moderate
CVE-2025-31486 was published for vite (npm) Apr 4, 2025
HSwift Iuhsssss
kikayli sw0rd1ight do9gy-msec Onetpaer
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database