GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+
9,248 advisories
Filter by severity
fast-fault has a segmentation fault due to lack of bound check
Moderate
GHSA-8655-xgh5-5vvq
was published
for
fast-float
(Rust)
Jan 29, 2025
fast-float2 has a segmentation fault due to lack of bound check
Moderate
GHSA-jqcp-xc3v-f446
was published
for
fast-float2
(Rust)
Jan 29, 2025
kube-audit-rest's example logging configuration could disclose secret values in the audit log
Moderate
CVE-2025-24884
was published
for
github.com/RichardoC/kube-audit-rest
(Go)
Jan 29, 2025
snowflake-connector-python vulnerable to insecure cache files permissions
Moderate
CVE-2025-24795
was published
for
snowflake-connector-python
(pip)
Jan 29, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache
Moderate
CVE-2025-24794
was published
for
snowflake-connector-python
(pip)
Jan 29, 2025
Snowflake.Data has weak temporary files permissions
Moderate
CVE-2025-24788
was published
for
Snowflake.Data
(NuGet)
Jan 29, 2025
libheif vulnerable to segmentation fault via floating point exception
Moderate
CVE-2023-29659
was published
for
github.com/strukturag/libheif
(Go)
May 5, 2023
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
RuoYi vulnerable to Denial of Service by attackers with admin privileges
Moderate
CVE-2024-57439
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
RuoYi has insecure permissions
Moderate
CVE-2024-57438
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
Apache Hive Incorrectly Assigns Permissions for a Critical Resource
Moderate
CVE-2024-29869
was published
for
org.apache.hive:hive-exec
(Maven)
Jan 29, 2025
github.com/hashicorp/yamux's DefaultConfig has dangerous defaults causing hung Read
Moderate
GHSA-29qp-crvh-w22m
was published
for
github.com/hashicorp/yamux
(Go)
Jan 29, 2025
In regclient, pinned manifest digests may be ignored
Moderate
CVE-2025-24882
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
Improper input validation in github.com/gin-gonic/gin
Moderate
CVE-2023-26125
was published
for
github.com/gin-gonic/gin
(Go)
May 4, 2023
snowflake-sdk may incorrectly validate temporary credential cache file permissions
Moderate
CVE-2025-24791
was published
for
snowflake-sdk
(npm)
Jan 29, 2025
Snowflake JDBC uses insecure temporary credential cache file permissions
Moderate
CVE-2025-24790
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Jan 29, 2025
Twig security issue where escaping was missing when using null coalesce operator
Moderate
CVE-2025-24374
was published
for
twig/twig
(Composer)
Jan 29, 2025
Cross site scripting in Silverpeas Core
Moderate
CVE-2024-56923
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
Jan 22, 2025
Liferay Portal vulnerable to Denial of Service
Moderate
CVE-2024-26265
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 20, 2024
Liferay Portal and Liferay DXP vulnerable to theft of hashed password
Moderate
CVE-2024-26270
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 20, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Moderate
CVE-2024-11993
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 17, 2024
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate
CVE-2024-23953
was published
for
org.apache.hive:hive-llap-common
(Maven)
Jan 28, 2025
Insecure Temporary File usage in github.com/golang/glog
Moderate
CVE-2024-45339
was published
for
github.com/golang/glog
(Go)
Jan 28, 2025
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
Infinispan vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2025-0736
was published
for
org.infinispan:infinispan-parent
(Maven)
Jan 28, 2025
ProTip!
Advisories are also available from the
GraphQL API