
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32,624 advisories

GoBGP does not verify that the input length Moderate
CVE-2025-43973 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
GoBGP panics due to a zero value for softwareVersionLen High
CVE-2025-43971 was published for github.com/osrg/gobgp/v3 (Go) Apr 21, 2025
Credited to shaked-seal
GoBGP does not properly check the input length Moderate
CVE-2025-43970 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
Crawl4AI SSRF vulnerability Moderate
CVE-2025-28197 was published for Crawl4AI (pip) Apr 18, 2025
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
Credited to pukkandan, JarLob, Grub4K, dirkf, and rhdesmond
Traefik affected by Go HTTP Request Smuggling Vulnerability Critical
GHSA-5423-jcjm-2gpv was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
Credited to varunbondre
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability High
GHSA-3wqc-mwfx-672p was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
Credited to adregbr
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41447 was published for org.opencms:opencms-core (Maven) Apr 18, 2025
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability Critical
CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for torch (pip) Apr 18, 2025
Credited to azraelxuemo and SNiTEBoBy
ses's global contour bindings leak into Compartment lexical scope High
CVE-2025-32792 was published for ses (npm) Apr 18, 2025
Credited to mingijunggrape, michaelfig, mhofman, and kriskowal
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass High
CVE-2025-32442 was published for fastify (npm) Apr 18, 2025
Credited to Linkster78, climba03003, mcollina, Eomm, and jsumners
Rasa Pro Missing Authentication For Voice Connector APIs Moderate
CVE-2025-32377 was published for rasa-pro (pip) Apr 17, 2025
Pycel allows code injection via a crafted formula High
CVE-2024-53924 was published for pycel (pip) Apr 17, 2025
OpenMetadata SQL Injection High
CVE-2024-55238 was published for org.open-metadata:openmetadata-service (Maven) Apr 17, 2025
Liferay Cross-site Scripting vulnerability Moderate
CVE-2025-3760 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 17, 2025
PEAR HTTP_Request2 vulnerable to Cross-site Scripting Moderate
CVE-2025-43717 was published for pear/http_request2 (Composer) Apr 17, 2025
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
Credited to ferdlestier and szuliq
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query High
CVE-2024-53305 was published for whoogle-search (pip) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-2564 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Permission policy information leakage in Backstage permission system Moderate
CVE-2025-32791 was published for @backstage/plugin-permission-backend (npm) Apr 16, 2025
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025