Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

8,289 advisories

Loading
simple-admin-core SQL Injection vulnerability High
CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) Aug 27, 2025
devalue prototype pollution vulnerability High
CVE-2025-57820 was published for devalue (npm) Aug 26, 2025
apyatko Rich-Harris
dominikg
Badaso CMS file upload vulnerability High
CVE-2025-52353 was published for badaso/core (Composer) Aug 26, 2025
xml2rfc has an arbitrary file read vulnerability High
GHSA-cfmv-h8fx-85m7 was published for xml2rfc (pip) Aug 26, 2025
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow High
CVE-2025-57803 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
mescuwa
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojune jin-156
amethyst0225
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
imagemagick: integer overflows in MNG magnification High
CVE-2025-55154 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) High
CVE-2025-57760 was published for langflow (pip) Aug 25, 2025
chaandrey
imagemagick: heap-buffer overflow read in MNG magnification with alpha High
CVE-2025-55004 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
ImageMagick has a Stack Buffer Overflow in image.c High
CVE-2025-53101 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip YutoIn
iwashiira utshina
Adminer PHP Object Injection issue leads to Denial of Service High
CVE-2025-43960 was published for vrana/adminer (Composer) Aug 25, 2025
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) High
CVE-2025-26467 was published for org.apache.cassandra:cassandra-all (Maven) Aug 25, 2025
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser High
CVE-2025-54370 was published for phpoffice/phpspreadsheet (Composer) Aug 25, 2025
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
sunyxedu A7um
XlabAITeam zL1nX
UnoPim has Broken Access Control High
CVE-2025-55741 was published for unopim/unopim (Composer) Aug 22, 2025
0xcharb
hippo4j Includes Hard Coded Secret Key in JWT Creation High
CVE-2025-51606 was published for cn.hippo4j:hippo4j-core (Maven) Aug 21, 2025
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh
@musistudio/claude-code-router has improper CORS configuration High
CVE-2025-57755 was published for @musistudio/claude-code-router (npm) Aug 21, 2025
ttttmr
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder High
CVE-2025-9141 was published for vllm (pip) Aug 21, 2025
levigross russellb
UnoPim vulnerable to remote code execution through Arbitrary File upload High
CVE-2025-55743 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba russellb
taneem-ibrahim
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database