GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,626 advisories

Recently published advisories (all rated High):

DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
  CVE-2025-27108, dom-expressions (npm), published Feb 25, 2025. Credited: nsysean, ryansolid

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
  CVE-2025-27109, solid-js (npm), published Feb 25, 2025. Credited: ryansolid, nsysean

Moodle has an arbitrary file read risk through pdfTeX
  CVE-2025-26525, moodle/moodle (Composer), published Feb 24, 2025

Moodle has a SQL injection risk in course search module list filter
  CVE-2025-26533, moodle/moodle (Composer), published Feb 24, 2025

Moodle has a stored XSS risk in admin live log
  CVE-2025-26529, moodle/moodle (Composer), published Feb 24, 2025

Moodle allows reflected XSS via question bank filter
  CVE-2025-26530, moodle/moodle (Composer), published Feb 24, 2025

OpenH264 Rust API Openh264 Decoding Functions Heap Overflow Vulnerability
  GHSA-5pmw-9j92-3c4c, openh264-sys2 (Rust), published Feb 24, 2025

Leantime allows Stored Cross-Site Scripting (XSS)
  GHSA-c39w-3pjx-qc7m, leantime/leantime (Composer), published Feb 21, 2025. Credited: mnqazi

Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)
  GHSA-v4q9-437p-mhpg, leantime/leantime (Composer), published Feb 21, 2025. Credited: 0xROI

S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation
  CVE-2025-27088, github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy (Go), published Feb 20, 2025. Credited: ddvleeuwen, oxyno-zeta

Cosmos SDK: Groups module can halt chain when handling a malicious proposal
  GHSA-x5vx-95h7-rv4p, github.com/cosmos/cosmos-sdk (Go), published Feb 20, 2025. Credited: dongsam

Hermes improperly validates a JWT
  CVE-2025-1293, github.com/hashicorp-forge/hermes (Go), published Feb 20, 2025

Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
  CVE-2025-25305, homeassistant (pip), published Feb 18, 2025. Credited: ReneNulschDE

JSONPath Plus allows Remote Code Execution
  CVE-2025-1302, jsonpath-plus (npm), published Feb 15, 2025

Uncaught Panic in ORML Rewards Pallet
  GHSA-5v93-9mqw-p9mh, orml-rewards (Rust), published Feb 14, 2025

Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
  CVE-2025-25297, label-studio (pip), published Feb 14, 2025. Credited: xbow-security

Label Studio has a Path Traversal Vulnerability via image Field
  CVE-2025-25295, label-studio-sdk (pip), published Feb 14, 2025. Credited: xbow-security

Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
  CVE-2025-26511, com.instaclustr:cassandra-lucene-index-plugin (Maven), published Feb 13, 2025. Credited: jfleming-ic

Quarkus REST Endpoint Request Parameter Leakage Due to Shared Instance
  CVE-2025-1247, io.quarkus:quarkus-rest (Maven), published Feb 13, 2025

parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
  CVE-2025-25283, parse-duration (npm), published Feb 12, 2025. Credited: lirantal

go-crypto-winnative BCryptGenerateSymmetricKey memory leak
  CVE-2025-25199, github.com/microsoft/go-crypto-winnative (Go), published Feb 12, 2025. Credited: clarkb7

Distribution's token authentication allows to inject an untrusted signing key in a JWT
  CVE-2025-24976, github.com/distribution/distribution/v3 (Go), published Feb 11, 2025. Credited: evanebb

Authentication bypass in @sap/approuter
  CVE-2025-24876, @sap/approuter (npm), published Feb 11, 2025. Credited: rosenblueh

Authorization Bypass in OPC UA .NET Standard Stack
  CVE-2024-42512, OPCFoundation.NetStandard.Opc.Ua (NuGet), published Feb 10, 2025