Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

21,138 advisories

Loading
Directus has a DOM-Based cross-site scripting (XSS) via layout_options Low
GHSA-9qrm-48qf-r2rw was published for directus (npm) Jan 23, 2025
Directus allows privilege escalation using Share feature Moderate
CVE-2025-24353 was published for directus (npm) Jan 23, 2025
viters
ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape High
GHSA-vp47-9734-prjw was published for asteval (pip) Jan 23, 2025
SteakEnthusiast
Unlimited consumption of resources in @fastify/multipart High
CVE-2025-24033 was published for @fastify/multipart (npm) Jan 23, 2025
Reflected Cross Site Scripting (XSS) in error message Low
GHSA-74j9-xhqr-6qv3 was published for silverstripe/framework (Composer) Jan 23, 2025
Envoy Admin Interface Exposed through prometheus metrics endpoint High
CVE-2025-24030 was published for github.com/envoyproxy/gateway (Go) Jan 23, 2025
guydc
try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter High
CVE-2025-22153 was published for RestrictedPython (pip) Jan 23, 2025
icemac Nico-Posada
dataflake tseaver
Apache Wicket: An attacker can intentionally trigger a memory leak Critical
CVE-2024-53299 was published for org.apache.wicket:wicket-core (Maven) Jan 23, 2025
phpMyAdmin XSS when checking tables Moderate
CVE-2025-24530 was published for phpmyadmin/phpmyadmin (Composer) Jan 23, 2025
Cross site scripting in Silverpeas Core Moderate
CVE-2024-56923 was published for org.silverpeas.core:silverpeas-core (Maven) Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin Moderate
CVE-2025-24401 was published for io.jenkins.plugins:folder-auth (Maven) Jan 22, 2025
Missing permission checks in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL High
CVE-2025-24398 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Jan 22, 2025
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin Moderate
CVE-2025-24400 was published for com.axis.jenkins.plugins.eiffel:eiffel-broadcaster (Maven) Jan 22, 2025
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template Moderate
CVE-2025-24027 was published for prestashop/ps_contactinfo (Composer) Jan 22, 2025
Cilium has an information leakage via insecure default Hubble UI CORS header Moderate
CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
DoS in Cilium agent DNS proxy from crafted DNS responses Moderate
CVE-2025-23028 was published for github.com/cilium/cilium (Go) Jan 22, 2025
bimmlerd kokelley-cisco
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025
Property reflection in System.Linq.Dynamic.Core High
CVE-2024-51417 was published for System.Linq.Dynamic.Core (NuGet) Jan 21, 2025
XSS/HTML Injection Vulnerability in Umbraco Preview Badge Moderate
GHSA-69cg-w8vm-h229 was published for Umbraco.Cms (NuGet) Jan 21, 2025
kushkira
Buildah allows build breakout using malicious Containerfiles and concurrent builds High
CVE-2024-11218 was published for github.com/containers/buildah (Go) Jan 21, 2025
eriksjolund
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database