GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,409
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+
3,184 advisories
Filter by severity
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement
Critical
GHSA-jg6f-48ff-5xrw
was published
for
github.com/cosmos/ibc-go
(Go)
Feb 28, 2025
Improper Authorization vulnerability in Magento and Adobe Commerce
Critical
CVE-2025-24434
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Critical
CVE-2024-47051
was published
for
mautic/core
(Composer)
Feb 26, 2025
LTI JupyterHub Authenticator does not properly validate JWT Signature
Critical
CVE-2023-25574
was published
for
jupyterhub-ltiauthenticator
(pip)
Feb 25, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Critical
GHSA-vp58-j275-797x
was published
for
better-auth
(npm)
Feb 24, 2025
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Critical
CVE-2023-44467
was published
for
langchain-experimental
(pip)
Oct 9, 2023
Easy!Appointments Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2024-57602
was published
for
alextselegidis/easyappointments
(Composer)
Feb 13, 2025
Mattermost allows reading arbitrary files
Critical
CVE-2025-20051
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 24, 2025
Mattermost allows reading arbitrary files related to importing boards
Critical
CVE-2025-25279
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 24, 2025
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Critical
GHSA-vjh7-7g9h-fjfh
was published
for
elliptic
(npm)
Feb 12, 2025
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
XWiki Platform allows remote code execution as guest via SolrSearchMacros request
Critical
CVE-2025-24893
was published
for
org.xwiki.platform:xwiki-platform-search-solr-ui
(Maven)
Feb 20, 2025
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Critical
CVE-2023-39631
was published
for
langchain
(pip)
Sep 1, 2023
Namada-apps allows Excessive Computation in Mempool Validation
Critical
GHSA-f8qm-hmm3-fv7f
was published
for
namada-apps
(Rust)
Feb 20, 2025
Namada-apps can Crash with Excessive Computation in Mempool Validation
Critical
GHSA-82vg-5v4f-f9wq
was published
for
namada-apps
(Rust)
Feb 20, 2025
Namada-apps allows Post-Genesis Validator Bypass
Critical
GHSA-2gw2-qgjg-xh6p
was published
for
namada-apps
(Rust)
Feb 20, 2025
DocsGPT Allows Remote Code Execution
Critical
CVE-2025-0868
was published
for
docsgpt
(npm)
Feb 20, 2025
MaysWind ezBookkeeping has Improper Privilege Management
Critical
CVE-2024-57604
was published
for
github.com/mayswind/ezbookkeeping
(Go)
Feb 13, 2025
Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
Critical
CVE-2024-56180
was published
for
org.apache.eventmesh:eventmesh-meta-raft
(Maven)
Feb 14, 2025
Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed
Critical
CVE-2023-28462
was published
for
fish.payara.server:payara-aggregator
(Maven)
Mar 30, 2023
python-jose algorithm confusion with OpenSSH ECDSA keys
Critical
CVE-2024-33663
was published
for
python-jose
(pip)
Apr 26, 2024
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
Critical
CVE-2023-29141
was published
for
mediawiki/core
(Composer)
Mar 31, 2023
Improper Control of Generation of Code ('Code Injection') in jai-ext
Critical
CVE-2022-24816
was published
for
it.geosolutions.jaiext.jiffle:jt-jiffle
(Maven)
Sep 19, 2023
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass
Critical
CVE-2025-24895
was published
for
CIE.AspNetCore.Authentication
(NuGet)
Feb 18, 2025
ProTip!
Advisories are also available from the
GraphQL API