Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,614 advisories

Loading
SeaweedFS Vulnerable to SQL Injection Moderate
CVE-2024-40120 was published for github.com/seaweedfs/seaweedfs (Go) May 16, 2025
Vyper's `slice()` may elide side-effects when output length is 0 Low
CVE-2025-47774 was published for vyper (pip) May 16, 2025
th3anatomist
Tornado vulnerable to excessive logging caused by malformed multipart form data High
CVE-2025-47287 was published for tornado (pip) May 16, 2025
Startr4ck awsactran
Vyper's `concat()` builtin may elide side-effects for zero-length arguments Low
CVE-2025-47285 was published for vyper (pip) May 16, 2025
th3anatomist
Ollama Server Vulnerable to Denial of Service (DoS) Attack High
CVE-2025-1975 was published for github.com/ollama/ollama (Go) May 16, 2025
lockfile-lint-api Vulnerable to Incorrect Behavior Order Moderate
CVE-2025-4759 was published for lockfile-lint-api (npm) May 16, 2025
Meteor Affected By Inefficient Regular Expression Complexity Moderate
CVE-2025-4727 was published for meteor (npm) May 16, 2025
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2024-11718 was published for couleurcitron/tarteaucitron-wp (Composer) May 15, 2025
Rudloff
Mattermost Fails to Verify User's Permissions When Accessing Groups Moderate
CVE-2025-2527 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Mattermost Fails to Check User Access to `ExperimentalSettings` Low
CVE-2025-2570 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Bullfrog's DNS over TCP bypasses domain filtering Moderate
CVE-2025-47775 was published for bullfrogsec/bullfrog (GitHub Actions) May 15, 2025
vin01
macroquad vulnerable to multiple soundness issues High
GHSA-gg76-hg3v-5q6c was published for macroquad (Rust) May 15, 2025
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. High
CVE-2025-47783 was published for label-studio (pip) May 15, 2025
Medok228
Reflex vulnerable to private state fields modification High
CVE-2025-47425 was published for reflex (pip) May 15, 2025
adhami3310 masenf
Kastier1
motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution High
CVE-2025-47782 was published for motioneye (pip) May 15, 2025
hyperlyz MichaIng
Sulu vulnerable to XXE in SVG File upload Inspector Moderate
CVE-2025-47778 was published for sulu/sulu (Composer) May 15, 2025
mcdruid alexander-schranz
ausi
undici Denial of Service attack via bad certificate data Low
CVE-2025-47279 was published for undici (npm) May 15, 2025
styfle mcollina
Next.js Race Condition to Cache Poisoning Low
CVE-2025-32421 was published for next (npm) May 15, 2025
cold-try
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Babylon Finality Provider `MsgCommitPubRandList` replay attack High
GHSA-7mm3-vfg8-7rg6 was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Mattermost Fails to Validate Team Invite Permissions Moderate
CVE-2025-3446 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Mattermost Fails to Lockout LDAP Users After Repeated Login Failures Moderate
CVE-2025-31947 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality Moderate
CVE-2024-52290 was published for github.com/lf-edge/ekuiper (Go) May 14, 2025
TheMostKnown
Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens Critical
CVE-2025-47884 was published for io.jenkins.plugins:oidc-provider (Maven) May 14, 2025
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database