Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,238
Maven
5,000+
npm
3,900
NuGet
701
pip
3,666
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,255 advisories

Loading
Joomla CMS Multi-Factor Authentication Bypass High
CVE-2025-25227 was published for joomla/joomla-cms (Composer) Apr 8, 2025
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function Moderate
CVE-2024-52980 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use Moderate
GHSA-wr2m-38xh-rpc9 was published for lemmy_server (Rust) Apr 8, 2025
Nothing4You
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
Pimcore's Admin Classic Bundle allows HTML Injection Low
CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) Apr 8, 2025
Shopware allows Denial Of Service via password length High
CVE-2025-30151 was published for shopware/core (Composer) Apr 8, 2025
bsmietana
Shopware 6 allows attackers to check for registered accounts through the store-api Moderate
CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025
niklaswolf
Tokio broadcast channel calls clone in parallel, but does not require `Sync` Low
GHSA-rr8g-9fpq-6wmg was published for tokio (Rust) Apr 7, 2025
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation Moderate
CVE-2025-32029 was published for @apeleghq/asn1-der (npm) Apr 7, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd
estree-util-value-to-estree allows prototype pollution in generated ESTree Moderate
CVE-2025-32014 was published for estree-util-value-to-estree (npm) Apr 7, 2025
remcohaszing
Apollo Compiler Named Fragment Processing Vulnerability High
CVE-2025-31496 was published for apollo-compiler (Rust) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32031 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32030 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing High
CVE-2025-32380 was published for apollo-router (Rust) Apr 7, 2025
yo-artyom
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow High
CVE-2025-32033 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32034 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32032 was published for apollo-router (Rust) Apr 7, 2025
FlowiseDB vulnerable to SQL Injection by authenticated users Moderate
GHSA-9c4c-g95m-c8cp was published for flowise (npm) Apr 7, 2025
Tribal1012
Picklescan failed to detect to some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
GHSA-93mv-x874-956g was published for picklescan (pip) Apr 7, 2025
david3107
js-object-utilities Vulnerable to Prototype Pollution High
CVE-2025-28269 was published for js-object-utilities (npm) Apr 7, 2025
tariqhawis
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback Critical
CVE-2025-32013 was published for lnbits (pip) Apr 7, 2025
xbow-security
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database