Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,857
Maven
5,000+
npm
4,488
NuGet
780
pip
4,243
Pub
12
RubyGems
975
Rust
1,095
Swift
49
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 Moderate
CVE-2025-66202 was published for astro (npm) Dec 8, 2025
zomaxsec
Credited to zomaxsec
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass High
CVE-2025-64500 was published for symfony/http-foundation (Composer) Nov 12, 2025
cs278 nicolas-grekas
Credited to cs278 and nicolas-grekas
Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL Critical
CVE-2025-47241 was published for browser-use (pip) May 5, 2025
mmudryi markiyanch
Credited to mmudryi and markiyanch
Duplicate Advisory: `allowed_domains` can be bypassed by putting a decoy domain in http auth username portion of a URL Critical
GHSA-f54f-hr32-586f was published for browser-use (pip) May 3, 2025 withdrawn
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a... Low Unreviewed
CVE-2025-43916 was published Apr 21, 2025
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including... Critical Unreviewed
CVE-2022-43939 was published Apr 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database