Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Expected Behavior Violation in Apache Tomcat Critical
CVE-2017-5651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
Connection confusion in gRPC High
CVE-2023-32731 was published for grpc (RubyGems) Jul 5, 2023
jmatosgrafana picatz
jonasfj tal-sealsecurity
Credited to jmatosgrafana, picatz, jonasfj, and tal-sealsecurity
gRPC connection termination issue Moderate
CVE-2023-32732 was published for grpc (RubyGems) Jul 6, 2023
jonasfj tal-sealsecurity
Credited to jonasfj and tal-sealsecurity
sweetalert2 contains potentially undesirable behavior Low
GHSA-mrr8-v49w-3333 was published for sweetalert2 (npm) Jul 10, 2023
limonte
Credited to limonte
Unauthenticated Nonce Increment in snow Low
CVE-2024-58265 was published for snow (Rust) Jan 24, 2024
Apollo Router vulnerable to Critical Regression In Query Plan Cache Critical
CVE-2024-32971 was published for apollo-router (Rust) May 2, 2024
xuorig o0Ignition0o
peakematt IvanGoncharov Geal glasser jasonbarnett667 abernix
Credited to xuorig, o0Ignition0o, peakematt, IvanGoncharov, Geal, glasser, jasonbarnett667, and abernix
LoLLMS vulnerable to Expected Behavior Violation High
CVE-2024-6281 was published for lollms (pip) Jul 20, 2024
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend Moderate
CVE-2024-47762 was published for @backstage/plugin-app-backend (npm) Oct 3, 2024
SageMaker Workflow component allows possibility of MD5 hash collisions Moderate
CVE-2025-0508 was published for sagemaker (pip) Mar 20, 2025
LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions Moderate
CVE-2025-3044 was published for llama-index-readers-papers (pip) Jul 7, 2025
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class Moderate
CVE-2025-6211 was published for llama-index (pip) Jul 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database