Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,807 advisories

Loading
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-2x5j-vhc8-9cwm was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Nautobot may allows uploaded media files to be accessible without authentication Moderate
CVE-2025-49143 was published for nautobot (pip) Jun 10, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx High
GHSA-68cf-j696-wvv9 was published for org.geoserver:gs-wfs (Maven) Jun 10, 2025
felixmaechtle nils-loose
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating Moderate
CVE-2025-49142 was published for nautobot (pip) Jun 10, 2025
mzbroch
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator Moderate
CVE-2025-48937 was published for matrix-sdk-crypto (Rust) Jun 10, 2025
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint Moderate
CVE-2025-48879 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
OctoPrint vulnerable to possible file extraction via upload endpoints Moderate
CVE-2025-48067 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
GeoServer Infinite Loop Vulnerability in Jiffle process High
CVE-2025-30145 was published for org.geoserver.extension:gs-wps-core (Maven) Jun 10, 2025
sikeoka
GeoServer Missing Authorization on REST API Index Moderate
CVE-2025-27505 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
Erxes Incorrect Access Control vulnerability High
CVE-2024-57190 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability High
CVE-2024-57186 was published for erxes (npm) Jun 10, 2025
Coverage REST API Server Side Request Forgery Moderate
CVE-2024-40625 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
trganda jodygarnett
GWC Home Page communicate version and revision information Moderate
CVE-2024-38524 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost High
CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) Jun 10, 2025
thomsmith felixmaechtle
davidblasby nils-loose jodygarnett aaime
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27819 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability Moderate
CVE-2025-27817 was published for org.apache.kafka:kafka-clients (Maven) Jun 10, 2025
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling Critical
GHSA-826p-4gcg-35vw was published for org.geotools:gt-wfs-ng (Maven) Jun 9, 2025
aaime jodygarnett
taro-css-to-react-native Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
brace-expansion Regular Expression Denial of Service vulnerability Low
CVE-2025-5889 was published for brace-expansion (npm) Jun 9, 2025
ProTip! Advisories are also available from the GraphQL API