Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,767
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,229 advisories

Loading
Plenti - Code Injection - Denial of Services Moderate
GHSA-mj4v-hp69-27x5 was published for github.com/plentico/plenti (Go) Feb 5, 2025
ahmetak4n
Contrast's unauthenticated recovery allows Coordinator impersonation High
GHSA-vqv5-385r-2hf8 was published for github.com/edgelesssys/contrast (Go) Feb 5, 2025
3u13r burgerdev
katexochen
Keycloak on Quarkus CLI option for encrypted JGroups ignored Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 5, 2025
MobSF Local Privilege Escalation High
CVE-2025-24805 was published for mobsf (pip) Feb 5, 2025
MobSF Partial Denial of Service (DoS) High
CVE-2025-24804 was published for mobsf (pip) Feb 5, 2025
MobSF Stored Cross-Site Scripting (XSS) High
CVE-2025-24803 was published for mobsf (pip) Feb 5, 2025
CKAN has an XSS vector in user uploaded images in group/org and user profiles High
CVE-2025-24372 was published for ckan (pip) Feb 5, 2025
m4dn355
GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions Critical
CVE-2024-36404 was published for org.geotools.xsd:gt-xsd-core (Maven) Feb 5, 2025
sikeoka jodygarnett
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
Sparkle Signing Checks Bypass High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025
MarbleRun unauthenticated recovery allows Coordinator impersonation High
GHSA-w7wm-2425-7p2h was published for github.com/edgelesssys/marblerun (Go) Feb 4, 2025
wasmvm: Malicious smart contract can slow down block production Moderate
GHSA-mx2j-7cmv-353c was published for cosmwasm-vm (Go) Feb 4, 2025
wasmvm: Malicious smart contract can crash the chain Moderate
GHSA-23qp-3c2m-xx6w was published for github.com/CosmWasm/wasmvm (Go) Feb 4, 2025
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening Critical
CVE-2025-24964 was published for vitest (npm) Feb 4, 2025
sapphi-red
Vitest browser mode serves arbitrary files Moderate
CVE-2025-24963 was published for @vitest/browser (npm) Feb 4, 2025
sapphi-red
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Moderate
CVE-2025-24860 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Moderate
CVE-2025-23015 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
ZX Allows Environment Variable Injection for dotenv API Moderate
CVE-2025-24959 was published for zx (npm) Feb 3, 2025
arkark
rust-openssl ssl::select_next_proto use after free Moderate
CVE-2025-24898 was published for openssl (Rust) Feb 3, 2025
mmastrac
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends Moderate
CVE-2025-24961 was published for org.gaul:s3proxy (Maven) Feb 3, 2025
xbow-security
CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts High
GHSA-r3r4-g7hq-pq4f was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
unknownfeature
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database