Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,828
Erlang
36
GitHub Actions
33
Go
2,445
Maven
5,000+
npm
4,061
NuGet
723
pip
3,861
Pub
12
RubyGems
943
Rust
1,007
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,486 advisories

Loading
Active Storage allowed transformation methods that were potentially unsafe High
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
Helm May Panic Due To Incorrect YAML Content Moderate
CVE-2025-55198 was published for helm.sh/helm/v3 (Go) Aug 14, 2025
jake-ciolek
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion Moderate
CVE-2025-55199 was published for helm.sh/helm/v3 (Go) Aug 14, 2025
jake-ciolek
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability Moderate
GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025
galbarnahum AnatBB
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials Critical
GHSA-x6gv-2rvh-qmp6 was published for BoldestDungeon/steam-workshop-deploy (GitHub Actions) Aug 13, 2025
Gamebuster19901
Active Record logging vulnerable to ANSI escape injection Moderate
CVE-2025-55193 was published for activerecord (RubyGems) Aug 13, 2025
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
jakiki6 stefan6419846
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access High
CVE-2025-55196 was published for github.com/external-secrets/external-secrets (Go) Aug 13, 2025
moolen
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.netty:netty-codec-http2 (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL
OMERO.web displays unecessary user information when requesting password reset Moderate
CVE-2025-54791 was published for omero-web (pip) Aug 13, 2025
OliveTin OS Command Injection vulnerability High
CVE-2025-50946 was published for github.com/OliveTin/OliveTin (Go) Aug 13, 2025
Apache Tomcat Improper Resource Shutdown or Release vulnerability High
CVE-2025-48989 was published for org.apache.tomcat:tomcat-coyote (Maven) Aug 13, 2025
Apache Tomcat Session Fixation vulnerability Moderate
CVE-2025-55668 was published for org.apache.tomcat:tomcat-catalina (Maven) Aug 13, 2025
Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms High
CVE-2025-52392 was published for soosyze/soosyze (Composer) Aug 13, 2025
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) Aug 13, 2025
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43734 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
svg-sanitizer Bypasses Attribute Sanitization Moderate
CVE-2025-55166 was published for enshrined/svg-sanitize (Composer) Aug 12, 2025
ohader realazizk
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality High
CVE-2025-8747 was published for keras (pip) Aug 12, 2025
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE High
CVE-2025-55164 was published for content-security-policy-parser (npm) Aug 12, 2025
pnappa EvanHahn
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability Moderate
CVE-2025-43735 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Aug 12, 2025
Bouncy Castle for Java on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8885 was published for org.bouncycastle:bc-fips (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability Moderate
CVE-2025-43736 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers Moderate
CVE-2025-55152 was published for @oakserver/oak (npm) Aug 12, 2025
dellalibera
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass High
GHSA-9gvj-pp9x-gcfr was published for picklescan (pip) Aug 12, 2025
Lyutoon
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter High
CVE-2025-55156 was published for pyload-ng (pip) Aug 12, 2025
cyjhhh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database