Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,688 advisories

Loading
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) High
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) High
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Cosmos SDK: x/group can halt when erroring in EndBlocker High
GHSA-47ww-ff84-4jrg was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2025
Out-of-bounds Read in Ruby JSON Parser High
CVE-2025-27788 was published for json (RubyGems) Mar 12, 2025
SmallRye Fault Tolerance out-of-memory (OOM) issue High
CVE-2025-2240 was published for io.smallrye:smallrye-fault-tolerance-core (Maven) Mar 12, 2025
Rembg CORS misconfiguration High
CVE-2025-25302 was published for rembg (pip) Mar 11, 2025
Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
mgerstner
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability High
CVE-2025-24070 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2025
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding High
CVE-2025-27773 was published for simplesamlphp/saml2 (Composer) Mar 11, 2025
ahacker1-securesaml ZeiP
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
GHSA-w7f9-wqc4-3wxr was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries High
CVE-2025-27403 was published for github.com/ratify-project/ratify (Go) Mar 11, 2025
Duplicate Advisory: Keras arbitrary code execution vulnerability High
GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 withdrawn
Vela Server Has Insufficient Webhook Payload Data Verification High
CVE-2025-27616 was published for github.com/go-vela/server (Go) Mar 10, 2025
Local File Inclusion in Rack::Static High
CVE-2025-27610 was published for rack (RubyGems) Mar 10, 2025
Masamuneee jeremyevans
ioquatix
canvg Prototype Pollution vulnerability High
CVE-2025-25977 was published for canvg (npm) Mar 10, 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT High
CVE-2025-24813 was published for org.apache.tomcat:tomcat-catalina (Maven) Mar 10, 2025
Horcrux Double Sign Possibility High
GHSA-6wxf-7784-62fp was published for github.com/strangelove-ventures/horcrux/v3 (Go) Mar 7, 2025
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability High
CVE-2025-24043 was published for dotnet-debugger-extensions (NuGet) Mar 7, 2025
hoyosjs
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public High
CVE-2025-27604 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
Vue I18n Allows Prototype Pollution in `handleFlatJson` High
CVE-2025-27597 was published for @intlify/core (npm) Mar 7, 2025
mestrtee
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa
DoS Vulnerability in TraceContextPropagator.Extract - OpenTelemetry.Api High
GHSA-vc29-vg52-6643 was published for OpenTelemetry.AutoInstrumentation (NuGet) Mar 6, 2025
Out-of-bounds Write in SixLabors ImageSharp High
CVE-2025-27598 was published for SixLabors.ImageSharp (NuGet) Mar 6, 2025
andreas-eriksson
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database