Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,520
Erlang
33
GitHub Actions
25
Go
2,215
Maven
5,000+
npm
3,885
NuGet
697
pip
3,654
Pub
12
RubyGems
913
Rust
932
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,054 advisories

Loading
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use Moderate
GHSA-wr2m-38xh-rpc9 was published for lemmy_server (Rust) Apr 8, 2025
Nothing4You
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
Pimcore's Admin Classic Bundle allows HTML Injection Low
CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) Apr 8, 2025
Shopware allows Denial Of Service via password length High
CVE-2025-30151 was published for shopware/core (Composer) Apr 8, 2025
bsmietana
Shopware 6 allows attackers to check for registered accounts through the store-api Moderate
CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025
niklaswolf
Tokio broadcast channel calls clone in parallel, but does not require `Sync` Low
GHSA-rr8g-9fpq-6wmg was published for tokio (Rust) Apr 7, 2025
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation Moderate
CVE-2025-32029 was published for @apeleghq/asn1-der (npm) Apr 7, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd
estree-util-value-to-estree allows prototype pollution in generated ESTree Moderate
CVE-2025-32014 was published for estree-util-value-to-estree (npm) Apr 7, 2025
remcohaszing
Apollo Compiler Named Fragment Processing Vulnerability High
CVE-2025-31496 was published for apollo-compiler (Rust) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32031 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32030 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing High
GHSA-3j43-9v8v-cp3f was published for apollo-router (Rust) Apr 7, 2025
yo-artyom
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow High
CVE-2025-32033 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32034 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32032 was published for apollo-router (Rust) Apr 7, 2025
FlowiseDB vulnerable to SQL Injection by authenticated users Moderate
GHSA-9c4c-g95m-c8cp was published for flowise (npm) Apr 7, 2025
Tribal1012
Picklescan failed to detect to some unsafe global function in Numpy library Moderate
GHSA-fj43-3qmq-673f was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
GHSA-93mv-x874-956g was published for picklescan (pip) Apr 7, 2025
david3107
js-object-utilities Vulnerable to Prototype Pollution High
GHSA-hpqf-m68j-2pfx was published for js-object-utilities (npm) Apr 7, 2025
tariqhawis
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback Critical
CVE-2025-32013 was published for lnbits (pip) Apr 7, 2025
xbow-security
tarteaucitron.js allows url scheme injection via unfiltered inputs Moderate
CVE-2025-31476 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
Jujutsu does not have SHA-1 collision detection Moderate
GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) Apr 7, 2025
emilazy
tarteaucitron.js allows prototype pollution via custom text injection Moderate
CVE-2025-31475 was published for tarteaucitronjs (npm) Apr 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database