Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,765
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

9,262 advisories

Loading
rust-openssl ssl::select_next_proto use after free Moderate
CVE-2025-24898 was published for openssl (Rust) Feb 3, 2025
mmastrac
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends Moderate
GHSA-2ccp-vqmv-4r4x was published for org.gaul:s3proxy (Maven) Feb 3, 2025
xbow-security
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
CometBFT allows a malicious peer to make node stuck in blocksync Moderate
CVE-2025-24371 was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpspreadsheet (Composer) Feb 3, 2025
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Moderate
CVE-2024-11741 was published for github.com/grafana/grafana (Go) Jan 31, 2025
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
Argo CD does not scrub secret values from patch errors Moderate
CVE-2025-23216 was published for github.com/argoproj/argo-cd/v2 (Go) Jan 30, 2025
svghadi
KubeWarden's AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources Moderate
CVE-2025-24376 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
Go Ethereum vulnerable to DoS via malicious p2p message Moderate
CVE-2025-24883 was published for github.com/ethereum/go-ethereum (Go) Jan 30, 2025
Argo CD GitOps Engine does not scrub secret values from patch errors Moderate
GHSA-274v-mgcv-cm8j was published for github.com/argoproj/gitops-engine (Go) Jan 30, 2025
svghadi
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
fast-fault has a segmentation fault due to lack of bound check Moderate
GHSA-8655-xgh5-5vvq was published for fast-float (Rust) Jan 29, 2025
fast-float2 has a segmentation fault due to lack of bound check Moderate
GHSA-jqcp-xc3v-f446 was published for fast-float2 (Rust) Jan 29, 2025
Snowflake.Data has weak temporary files permissions Moderate
CVE-2025-24788 was published for Snowflake.Data (NuGet) Jan 29, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache Moderate
CVE-2025-24794 was published for snowflake-connector-python (pip) Jan 29, 2025
snowflake-connector-python vulnerable to insecure cache files permissions Moderate
CVE-2025-24795 was published for snowflake-connector-python (pip) Jan 29, 2025
kube-audit-rest's example logging configuration could disclose secret values in the audit log Moderate
CVE-2025-24884 was published for github.com/RichardoC/kube-audit-rest (Go) Jan 29, 2025
github.com/hashicorp/yamux's DefaultConfig has dangerous defaults causing hung Read Moderate
GHSA-29qp-crvh-w22m was published for github.com/hashicorp/yamux (Go) Jan 29, 2025
snowflake-sdk may incorrectly validate temporary credential cache file permissions Moderate
CVE-2025-24791 was published for snowflake-sdk (npm) Jan 29, 2025
Snowflake JDBC uses insecure temporary credential cache file permissions Moderate
CVE-2025-24790 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
Twig security issue where escaping was missing when using null coalesce operator Moderate
CVE-2025-24374 was published for twig/twig (Composer) Jan 29, 2025
PhilETaylor fabpot
RuoYi vulnerable to Denial of Service by attackers with admin privileges Moderate
CVE-2024-57439 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
RuoYi has insecure permissions Moderate
CVE-2024-57438 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database