Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

7,544 advisories

Loading
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL High
CVE-2025-24398 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Jan 22, 2025
Property reflection in System.Linq.Dynamic.Core High
CVE-2024-51417 was published for System.Linq.Dynamic.Core (NuGet) Jan 21, 2025
Buildah allows build breakout using malicious Containerfiles and concurrent builds High
CVE-2024-11218 was published for github.com/containers/buildah (Go) Jan 21, 2025
eriksjolund
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb High
CVE-2024-41672 was published for duckdb (pip) Jan 21, 2025
zacMode
Cross-Site Request Forgery in CodeChecker API High
CVE-2024-53829 was published for codechecker (pip) Jan 21, 2025
Discookie
Authenticated arbitrary file deletion in YesWiki High
CVE-2025-24019 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Authenticated Stored XSS in YesWiki High
CVE-2025-24018 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Unauthenticated DOM Based XSS in YesWiki High
CVE-2025-24017 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
HashiCorp go-slug Vulnerable to Zip Slip Attack High
CVE-2025-0377 was published for github.com/hashicorp/go-slug (Go) Jan 21, 2025
Insecure default config access in WriteFreely High
CVE-2025-24337 was published for github.com/writefreely/writefreely (Go) Jan 20, 2025
Zot IdP group membership revocation ignored High
CVE-2025-23208 was published for zotregistry.dev/zot (Go) Jan 17, 2025
jeff-mccoy
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
Eugeny Tabby Sends Password Despite Host Key Verification Failure High
CVE-2024-48460 was published for tabby-ssh (npm) Jan 17, 2025
SP1 has missing verifier checks and fiat-shamir observations High
GHSA-c873-wfhp-wx5m was published for sp1-stark (Rust) Jan 15, 2025
Rancher UI has Stored Cross-site Scripting vulnerability High
CVE-2024-52281 was published for github.com/rancher/rancher (Go) Jan 14, 2025
Git LFS permits exfiltration of credentials via crafted HTTP URLs High
CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go) Jan 14, 2025
Ry0taK
Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability High
CVE-2025-21176 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 14, 2025
Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability High
CVE-2025-21172 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 14, 2025
Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability High
CVE-2025-21171 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 14, 2025
Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials High
CVE-2024-50338 was published for git-credential-manager (NuGet) Jan 14, 2025
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55924 was published for typo3/cms-scheduler (Composer) Jan 14, 2025
TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55921 was published for typo3/cms-extensionmanager (Composer) Jan 14, 2025
Vaultwarden vulnerable to user impersonation High
CVE-2024-55225 was published for vaultwarden (Rust) Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database