Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,829
Erlang
36
GitHub Actions
33
Go
2,446
Maven
5,000+
npm
4,065
NuGet
723
pip
3,866
Pub
12
RubyGems
943
Rust
1,009
Swift
39
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
GitProxy Backfile Parsing Exploit High
CVE-2025-54584 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input... Moderate Unreviewed
CVE-2025-5826 was published Jun 26, 2025
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution... High Unreviewed
CVE-2025-5747 was published Jun 6, 2025
A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of... High Unreviewed
CVE-2025-32908 was published Apr 14, 2025
LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality Moderate
CVE-2024-9900 was published for github.com/mudler/LocalAI (Go) Mar 20, 2025
A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression... Moderate Unreviewed
CVE-2024-12388 was published Mar 20, 2025
An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The... High Unreviewed
CVE-2024-11169 was published Mar 20, 2025
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Moderate
CVE-2025-22870 was published for golang.org/x/net (Go) Mar 12, 2025
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect... Moderate Unreviewed
CVE-2025-25069 was published Feb 7, 2025
A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF... Moderate Unreviewed
CVE-2023-32228 was published Apr 11, 2024
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX),... Moderate Unreviewed
CVE-2023-32260 was published Mar 19, 2024
Misinterpretation of Input in thorsten/phpmyfaq Moderate
CVE-2023-0880 was published for thorsten/phpmyfaq (Composer) Feb 17, 2023
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing Moderate
CVE-2022-3224 was published for parse-url (npm) Sep 16, 2022
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of... Critical Unreviewed
CVE-2020-29511 was published May 24, 2022
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in... Moderate Unreviewed
CVE-2018-12123 was published May 13, 2022
URL Confusion When Scheme Not Supplied in medialize/uri.js Moderate
CVE-2022-1233 was published for urijs (npm) Apr 5, 2022
Authentication Bypass in github.com/russellhaering/gosaml2 Critical
CVE-2020-29509 was published for github.com/russellhaering/gosaml2 (Go) Feb 11, 2022
jupenur
XML Processing error in github.com/crewjam/saml Critical
CVE-2020-27846 was published for github.com/crewjam/saml (Go) Jun 23, 2021
REXML round-trip instability High
CVE-2021-28965 was published for rexml (RubyGems) Apr 30, 2021
Misinterpretation of malicious XML input Moderate
CVE-2021-21366 was published for xmldom (npm) Mar 12, 2021
jupenur karfau
brody4hire
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database