GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
32,624 advisories
Filter by severity
GoBGP does not verify that the input length
Moderate
CVE-2025-43973
was published
for
github.com/osrg/gobgp
(Go)
Apr 21, 2025
GoBGP panics due to a zero value for softwareVersionLen
High
CVE-2025-43971
was published
for
github.com/osrg/gobgp/v3
(Go)
Apr 21, 2025
GoBGP does not properly check the input length
Moderate
CVE-2025-43970
was published
for
github.com/osrg/gobgp
(Go)
Apr 21, 2025
QMarkdown Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-43954
was published
for
@quasar/quasar-ui-qmarkdown
(npm)
Apr 20, 2025
one-api Cross-site Scripting vulnerability
Moderate
CVE-2025-3801
was published
for
github.com/songquanpeng/one-api
(Go)
Apr 19, 2025
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
High
GHSA-22fp-mf44-f2mq
was published
for
youtube-dl
(pip)
Apr 18, 2025
Traefik affected by Go HTTP Request Smuggling Vulnerability
Critical
GHSA-5423-jcjm-2gpv
was published
for
github.com/traefik/traefik/v2
(Go)
Apr 18, 2025
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability
High
GHSA-3wqc-mwfx-672p
was published
for
github.com/traefik/traefik/v2
(Go)
Apr 18, 2025
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-41447
was published
for
org.opencms:opencms-core
(Maven)
Apr 18, 2025
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability
Critical
CVE-2025-29953
was published
for
Apache.NMS.ActiveMQ
(NuGet)
Apr 18, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
Critical
CVE-2025-32434
was published
for
torch
(pip)
Apr 18, 2025
ses's global contour bindings leak into Compartment lexical scope
High
CVE-2025-32792
was published
for
ses
(npm)
Apr 18, 2025
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
High
CVE-2025-32442
was published
for
fastify
(npm)
Apr 18, 2025
Rasa Pro Missing Authentication For Voice Connector APIs
Moderate
CVE-2025-32377
was published
for
rasa-pro
(pip)
Apr 17, 2025
Pycel allows code injection via a crafted formula
High
CVE-2024-53924
was published
for
pycel
(pip)
Apr 17, 2025
OpenMetadata SQL Injection
High
CVE-2024-55238
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 17, 2025
Liferay Cross-site Scripting vulnerability
Moderate
CVE-2025-3760
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Apr 17, 2025
PEAR HTTP_Request2 vulnerable to Cross-site Scripting
Moderate
CVE-2025-43717
was published
for
pear/http_request2
(Composer)
Apr 17, 2025
PyTorch Improper Resource Shutdown or Release vulnerability
Moderate
CVE-2025-3730
was published
for
torch
(pip)
Apr 16, 2025
golang.org/x/net vulnerable to Cross-site Scripting
Moderate
CVE-2025-22872
was published
for
golang.org/x/net
(Go)
Apr 16, 2025
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
High
CVE-2024-53305
was published
for
whoogle-search
(pip)
Apr 16, 2025
Mattermost Incorrect Authorization vulnerability
Moderate
CVE-2025-2564
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 16, 2025
Permission policy information leakage in Backstage permission system
Moderate
CVE-2025-32791
was published
for
@backstage/plugin-permission-backend
(npm)
Apr 16, 2025
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki
Moderate
CVE-2025-32783
was published
for
org.xwiki.platform:xwiki-platform-messagestream
(Maven)
Apr 16, 2025
ProTip!
Advisories are also available from the
GraphQL API