The Wayback Machine - https://web.archive.org/web/20250128222117/https://github.com/advisories
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

21,166 advisories

Loading
Potential DoS when using ContextLines integration Low
GHSA-r5w7-f542-q2j4 was published for @sentry/astro (npm) Jan 28, 2025
mstrokin
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
pimcore/customer-data-framework vulnerable to SQL Injection Moderate
CVE-2024-11956 was published for pimcore/customer-management-framework-bundle (Composer) Jan 28, 2025
maeitsec
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document High
GHSA-xr3m-6gq6-22cg was published for pimcore/pimcore (Composer) Jan 28, 2025
maeitsec
ArgoCD Namespace Isolation Break High
CVE-2024-13484 was published for github.com/argoproj/argo-cd/v2 (Go) Jan 28, 2025
ismp-grandpa crate accepted incorrect signatures Critical
CVE-2025-24800 was published for grandpa-verifier (Rust) Jan 28, 2025
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate Moderate
GHSA-8m8m-98c9-vw7q was published for pimcore/customer-data-framework (Composer) Jan 28, 2025 withdrawn
CRI-O Path Traversal vulnerability Moderate
CVE-2025-0750 was published for github.com/cri-o/cri-o (Go) Jan 28, 2025
Infinispan vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-0736 was published for org.infinispan:infinispan-parent (Maven) Jan 28, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator High
CVE-2025-24357 was published for vllm (pip) Jan 27, 2025
DogeWatch
imgproxy is vulnerable to SSRF against 0.0.0.0 Moderate
CVE-2025-24354 was published for github.com/imgproxy/imgproxy (Go) Jan 27, 2025
phannguyenlong Benasin
benaubin
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55227 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55228 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Low
CVE-2025-24783 was published for org.apache.cocoon:cocoon-forms-impl (Maven) Jan 27, 2025
uniapi version 1.0.7 contained an information harvesting script. High
GHSA-gvvw-rr8m-fj76 was published for uniapi (pip) Jan 27, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24361 was published for @nuxt/rspack-builder (npm) Jan 27, 2025
sapphi-red
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24360 was published for @nuxt/vite-builder (npm) Jan 27, 2025
sapphi-red
Apache Solr vulnerable to Execution with Unnecessary Privileges High
CVE-2025-24814 was published for org.apache.solr:solr-core (Maven) Jan 27, 2025
Apache Solr Relative Path Traversal vulnerability Moderate
CVE-2024-52012 was published for org.apache.solr:solr-core (Maven) Jan 27, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast
Updatecli exposes Maven credentials in console output High
CVE-2025-24355 was published for github.com/updatecli/updatecli (Go) Jan 24, 2025
gionn olblak
GitHub PAT written to debug artifacts High
CVE-2025-24362 was published for github/codeql-action (GitHub Actions) Jan 24, 2025
jstawinski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database