GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,328
Maven
5,000+
npm
3,965
NuGet
712
pip
3,745
Pub
12
RubyGems
921
Rust
974
Swift
38
Unreviewed advisories
All unreviewed
5,000+
22,807 advisories
Filter by severity
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Low
GHSA-2x5j-vhc8-9cwm
was published
for
github.com/cloudflare/circl
(Go)
Jun 10, 2025
Nautobot may allows uploaded media files to be accessible without authentication
Moderate
CVE-2025-49143
was published
for
nautobot
(pip)
Jun 10, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
High
GHSA-68cf-j696-wvv9
was published
for
org.geoserver:gs-wfs
(Maven)
Jun 10, 2025
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Moderate
CVE-2025-49142
was published
for
nautobot
(pip)
Jun 10, 2025
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
Moderate
CVE-2025-48937
was published
for
matrix-sdk-crypto
(Rust)
Jun 10, 2025
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
Moderate
CVE-2025-48879
was published
for
OctoPrint
(pip)
Jun 10, 2025
OctoPrint vulnerable to possible file extraction via upload endpoints
Moderate
CVE-2025-48067
was published
for
OctoPrint
(pip)
Jun 10, 2025
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
High
GHSA-2p76-gc46-5fvc
was published
for
org.geonetwork-opensource:gn-web-app
(Maven)
Jun 10, 2025
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
High
CVE-2025-30220
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
GeoServer Infinite Loop Vulnerability in Jiffle process
High
CVE-2025-30145
was published
for
org.geoserver.extension:gs-wps-core
(Maven)
Jun 10, 2025
GeoServer Missing Authorization on REST API Index
Moderate
CVE-2025-27505
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
Erxes Incorrect Access Control vulnerability
High
CVE-2024-57190
was published
for
erxes
(npm)
Jun 10, 2025
Erxes Path Traversal vulnerability
Moderate
CVE-2024-57189
was published
for
erxes
(npm)
Jun 10, 2025
Coverage REST API Server Side Request Forgery
Moderate
CVE-2024-40625
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
GWC Home Page communicate version and revision information
Moderate
CVE-2024-38524
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Critical
CVE-2024-34711
was published
for
org.geoserver.main:gs-main
(Maven)
Jun 10, 2025
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
High
CVE-2024-29198
was published
for
org.geoserver.web:gs-app
(Maven)
Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability
High
CVE-2025-27819
was published
for
org.apache.kafka:kafka
(Maven)
Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability
High
CVE-2025-27818
was published
for
org.apache.kafka:kafka
(Maven)
Jun 10, 2025
Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability
Moderate
CVE-2025-27817
was published
for
org.apache.kafka:kafka-clients
(Maven)
Jun 10, 2025
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling
Critical
GHSA-826p-4gcg-35vw
was published
for
org.geotools:gt-wfs-ng
(Maven)
Jun 9, 2025
taro-css-to-react-native Regular Expression Denial of Service vulnerability
Moderate
CVE-2025-5896
was published
for
taro-css-to-react-native
(npm)
Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
Moderate
CVE-2025-5897
was published
for
@vue/cli-plugin-pwa
(npm)
Jun 9, 2025
brace-expansion Regular Expression Denial of Service vulnerability
Low
CVE-2025-5889
was published
for
brace-expansion
(npm)
Jun 9, 2025
ProTip!
Advisories are also available from the
GraphQL API