GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
33,177 advisories
Filter by severity
Mattermost allows an unauthorized Guest user access to Playbook
Moderate
CVE-2025-3228
was published
for
github.com/mattermost/mattermost-server
(Go)
Jun 20, 2025
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
High
CVE-2025-52488
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
DNN.PLATFORM possibly allows bypass of IP Filters
High
CVE-2025-52487
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
Moderate
CVE-2025-52485
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
Moderate
CVE-2025-52486
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+
High
GHSA-7cjh-xx4r-qh3f
was published
for
io.sentry:sentry-android
(Maven)
Jun 20, 2025
Mattermost allows authenticated users to write files to arbitrary locations
Critical
CVE-2025-4981
was published
for
github.com/mattermost/mattermost-server
(Go)
Jun 20, 2025
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact
Moderate
CVE-2025-6264
was published
for
www.velocidex.com/golang/velociraptor
(Go)
Jun 20, 2025
Crafter Studio Groovy Sandbox Bypass
High
CVE-2025-6384
was published
for
org.craftercms:crafter-studio
(Maven)
Jun 19, 2025
Upsonic is vulnerable to Path Traversal attack through its os.path.join function
Low
CVE-2025-6278
was published
for
upsonic
(pip)
Jun 19, 2025
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization
Low
CVE-2025-6279
was published
for
upsonic
(pip)
Jun 19, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
Critical
CVE-2025-49132
was published
for
pterodactyl/panel
(Composer)
Jun 19, 2025
pywasm3 has Improper Restriction of Operations within the Bounds of a Memory Buffer
Low
CVE-2025-6272
was published
for
pywasm3
(pip)
Jun 19, 2025
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
Low
CVE-2025-48059
was published
for
com.powsybl:powsybl-contingency-api
(Maven)
Jun 19, 2025
PowSyBl Core contains Polynomial REDoS’es
Moderate
CVE-2025-48058
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data
High
CVE-2025-47771
was published
for
com.powsybl:powsybl-math
(Maven)
Jun 19, 2025
DotVVM allows path traversal when deployed in Debug mode
High
GHSA-6q65-j4jw-9cg8
was published
for
DotVVM
(NuGet)
Jun 19, 2025
PowSyBl Core XML Reader allows XXE and SSRF
Low
CVE-2025-47293
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
Apache SeaTunnel: Unauthenticated insecure access
Low
CVE-2025-32896
was published
for
org.apache.seatunnel:seatunnel-engine-common
(Maven)
Jun 19, 2025
Taylored webhook validation vulnerabilities
Critical
GHSA-8g98-m4j9-qww5
was published
for
taylored
(npm)
Jun 18, 2025
urllib3 does not control redirects in browsers and Node.js
Moderate
CVE-2025-50182
was published
for
urllib3
(pip)
Jun 18, 2025
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
Moderate
CVE-2025-50181
was published
for
urllib3
(pip)
Jun 18, 2025
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates
Moderate
CVE-2025-49015
was published
for
CouchbaseNetClient
(NuGet)
Jun 18, 2025
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
Moderate
CVE-2025-50183
was published
for
@openlist-frontend/openlist-frontend
(npm)
Jun 18, 2025
Grafana long dashboard title or panel name causes unresponsives
Low
CVE-2025-1088
was published
for
github.com/grafana/grafana
(Go)
Jun 18, 2025
ProTip!
Advisories are also available from the
GraphQL API