Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,515
Erlang
33
GitHub Actions
25
Go
2,215
Maven
5,000+
npm
3,876
NuGet
697
pip
3,648
Pub
12
RubyGems
913
Rust
924
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,315 advisories

Loading
React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button Low
CVE-2025-3191 was published for react-draft-wysiwyg (npm) Apr 4, 2025
Next.js may leak x-middleware-subrequest-id to external hosts Low
CVE-2025-30218 was published for next (npm) Apr 2, 2025
Ry0taK takumi-san-ai
Apache Answer User Using External Images Potentially Discloses User Information Low
CVE-2025-29868 was published for github.com/apache/answer (Go) Apr 1, 2025
Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type Low
CVE-2025-27427 was published for org.apache.activemq:artemis-server (Maven) Apr 1, 2025
tough cyclic delegation graphs are not detected Low
GHSA-j8x2-777p-23fc was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
Drupal Formatter Suite Vulnerable to Cross-Site Scripting (XSS) via Link Element Attributes Low
CVE-2025-31697 was published for drupal/formatter_suite (Composer) Apr 1, 2025
Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31696 was published for drupal/rapidoc_elements_field_formatter (Composer) Apr 1, 2025
Drupal Link field display mode formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31695 was published for drupal/link_field_display_mode_formatter (Composer) Apr 1, 2025
Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing Low
CVE-2025-31694 was published for drupal/tfa (Composer) Apr 1, 2025
Drupal OAuth2 Server Missing Authorization vulnerability Low
CVE-2025-31691 was published for drupal/oauth2_server (Composer) Apr 1, 2025
Drupal Cache Utility Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31690 was published for drupal/cache_utility (Composer) Apr 1, 2025
Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31689 was published for drupal/gdpr (Composer) Apr 1, 2025
Drupal Configuration Split Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31688 was published for drupal/config_split (Composer) Apr 1, 2025
Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31687 was published for drupal/spamspan (Composer) Apr 1, 2025
Drupal OAuth2 Client Cross-Site Request Forgery (CSRF) Low
CVE-2025-31684 was published for drupal/oauth2_client (Composer) Apr 1, 2025
Drupal AI Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31677 was published for drupal/ai (Composer) Apr 1, 2025
Drupal Matomo Analytics Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31680 was published for drupal/matomo (Composer) Apr 1, 2025
Drupal AI Missing Authorization vulnerability Low
CVE-2025-31678 was published for drupal/ai (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability Low
CVE-2025-31685 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability Low
CVE-2025-31686 was published for goalgorilla/open_social (Composer) Apr 1, 2025
PyO3 Risk of buffer overflow in `PyString::from_object` Low
GHSA-pph8-gcv7-4qj5 was published for pyo3 (Rust) Apr 2, 2025
Drupal Core Cross-Site Scripting (XSS) Vulnerability Low
CVE-2025-31675 was published for drupal/core (Composer) Apr 1, 2025
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22795 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 esparta
levpachmanov
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction Low
CVE-2024-39311 was published for publify_core (RubyGems) Mar 28, 2025
PinkDraconian
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database