Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables Moderate
CVE-2025-10929 was published for drupal/reverse_proxy_header (Composer) Oct 30, 2025
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation Moderate
CVE-2025-46722 was published for vllm (pip) May 28, 2025
kexinoh DarkLight1337
russellb
Credited to kexinoh, DarkLight1337, and russellb
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17... Moderate Unreviewed
CVE-2024-12093 was published May 22, 2025
tough root metadata version is not checked for sequential versioning Moderate
CVE-2025-2885 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
Credited to jku and AdamKorcz
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index... Moderate Unreviewed
CVE-2024-8305 was published Oct 21, 2024
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon ... High Unreviewed
CVE-2024-39515 was published Oct 9, 2024
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow... Moderate Unreviewed
CVE-2024-5953 was published Jun 18, 2024
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos... Moderate Unreviewed
CVE-2024-27375 was published Jun 5, 2024
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos... Moderate Unreviewed
CVE-2024-27371 was published Jun 5, 2024
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter High Unreviewed
CVE-2024-31136 was published Mar 28, 2024
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the... Moderate Unreviewed
CVE-2024-31140 was published Mar 28, 2024
A command injection vulnerability exists in local RACADM. A malicious authenticated user could... High Unreviewed
CVE-2024-25951 was published Mar 9, 2024
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
venkkatesh-sekar chenyan-dfinity
Credited to venkkatesh-sekar and chenyan-dfinity
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could... High Unreviewed
CVE-2023-32701 was published Nov 14, 2023
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high... Moderate Unreviewed
CVE-2023-1620 was published Jun 26, 2023
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high... Moderate Unreviewed
CVE-2023-1619 was published Jun 26, 2023
xmldom allows multiple root nodes in a DOM Critical
CVE-2022-39353 was published for @xmldom/xmldom (npm) Nov 1, 2022
frumioj karfau
kurt-r2c
Credited to frumioj, karfau, and kurt-r2c
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database