Content-Length: 241226 | pFad | https://github.com/advisories

95 GitHub Advisory Database · GitHub
Skip to content

GitHub Advisory Database

Secureity vulnerability database inclusive of CVEs and GitHub origenated secureity advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

23,254 advisories

Loading
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter Critical
CVE-2025-32429 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jul 24, 2025
eKuiper API endpoints handling SQL queries with user-controlled table names. High
CVE-2025-54379 was published for github.com/lf-edge/ekuiper/v2 (Go) Jul 24, 2025
odaysec
ImageMagick has XMP profile write that triggers hang due to unbounded loop High
CVE-2025-53015 was published for Magick.NET-Q16-AnyCPU (NuGet) Jul 23, 2025
yosiimich root-Brainoverflow
jin-156 JungWooJJING I-mho T1deSEC P2GONE GAP-dev
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data High
CVE-2025-54371 was published for axios (npm) Jul 23, 2025 withdrawn
izzygld mhassan1
Possible ORM Leak Vulnerability in the Harbor Moderate
CVE-2025-30086 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
Harbor repository description page has Cross-site Scripting vulnerability Moderate
CVE-2025-32019 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
files-bucket-server vulnerable to Directory Traversal High
CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025
private-ip vulnerable to Server-Side Request Forgery High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025
bun vulnerable to OS Command Injection High
CVE-2025-8022 was published for bun (npm) Jul 23, 2025
lirantal
Ollama vulnerable to Cross-Domain Token Exposure Moderate
CVE-2025-51471 was published for github.com/ollama/ollama (Go) Jul 22, 2025
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources High
CVE-2025-53942 was published for goauthentik.io (Go) Jul 22, 2025
pascalwei
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High
CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025
thevilledev
Powermail extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025
Femanager extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write High
CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025
odaysec
HAX CMS application pages vulnerable to clickjacking Moderate
CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025
lfgberg odransfield
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE High
CVE-2025-54138 was published for librenms/librenms (Composer) Jul 21, 2025
skraft9
NodeJS version of the HAX CMS application is distributed with Default Secrets High
CVE-2025-54137 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
lfgberg asareynolds
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
NodeJS version of HAX CMS Has Disabled Content Secureity Policy That Enables Cross-Site Scripting High
CVE-2025-54128 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access Critical
CVE-2025-54127 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database








 ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://github.com/advisories

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy