Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

7,554 advisories

Loading
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast
Unpatched `path-to-regexp` ReDoS in 0.1.x High
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
dotasek
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey ctcpip
uniabis stbenjam pseudoralph mschfh jusemon panva alenovik jaydeep-bypt
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file High
CVE-2024-1603 was published for paddlepaddle (pip) Mar 23, 2024
MLflow has a Local File Read/Path Traversal bypass High
CVE-2024-3848 was published for mlflow (pip) May 16, 2024
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
GitHub PAT written to debug artifacts High
CVE-2025-24362 was published for github/codeql-action (GitHub Actions) Jan 24, 2025
jstawinski
Updatecli exposes Maven credentials in console output High
CVE-2025-24355 was published for github.com/updatecli/updatecli (Go) Jan 24, 2025
gionn olblak
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter High
CVE-2025-22153 was published for RestrictedPython (pip) Jan 23, 2025
icemac Nico-Posada
dataflake tseaver
Unlimited consumption of resources in @fastify/multipart High
CVE-2025-24033 was published for @fastify/multipart (npm) Jan 23, 2025
ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape High
GHSA-vp47-9734-prjw was published for asteval (pip) Jan 23, 2025
SteakEnthusiast
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Cross-Site Request Forgery in moodle High
CVE-2024-25982 was published for moodle/moodle (Composer) Feb 19, 2024
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Git LFS permits exfiltration of credentials via crafted HTTP URLs High
CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go) Jan 14, 2025
Ry0taK
Envoy Admin Interface Exposed through prometheus metrics endpoint High
CVE-2025-24030 was published for github.com/envoyproxy/gateway (Go) Jan 23, 2025
guydc
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
eduarddfinity AlexV525
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL High
CVE-2025-24398 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Jan 22, 2025
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint High
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024
oscerd
Onnx Directory Traversal vulnerability High
CVE-2024-27318 was published for onnx (pip) Feb 23, 2024
iarspider
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF High
CVE-2024-4367 was published for pdfjs-dist (npm) May 7, 2024
ThomasRinsma
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database