Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,732
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Gardener allows metadata injection for a project secret which can lead to privilege escalation Critical
CVE-2025-47284 was published for github.com/gardener/gardener (Go) May 19, 2025
Apache Tomcat Rewrite rule bypass Low
CVE-2025-31651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 28, 2025
amita-seal taxone
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv... Low Unreviewed
CVE-2024-58251 was published Apr 23, 2025
gurk (aka gurk-rs) mishandles ANSI escape sequences Moderate
CVE-2025-30089 was published for gurk (Rust) Mar 17, 2025
Malayke
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute... High Unreviewed
CVE-2025-0975 was published Feb 28, 2025
MongoDB Shell may be susceptible to control character Injection via shell output Low
CVE-2025-1693 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character injection via pasting Moderate
CVE-2025-1692 was published for mongosh (npm) Feb 27, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security
Crayfish allows Remote Code Execution via Homarus Authorization header Critical
CVE-2025-25286 was published for islandora/crayfish (Composer) Jan 15, 2025
seth-shaw-asu adam-vessey
jte's HTML templates containing Javascript template strings are subject to XSS Moderate
CVE-2025-23026 was published for gg.jte:jte (Maven) Jan 13, 2025
Petersoj
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
Jinja has a sandbox breakout through malicious filenames Moderate
CVE-2024-56201 was published for jinja2 (pip) Dec 23, 2024
sleiner sisp
frenzymadness
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI... High Unreviewed
CVE-2024-36052 was published May 21, 2024
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen... High Unreviewed
CVE-2024-33899 was published Apr 29, 2024
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape... Low Unreviewed
CVE-2024-28085 was published Mar 27, 2024
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping High
CVE-2024-27936 was published for deno (Rust) Mar 5, 2024
Ry0taK westonsteimel
Shescape on Windows escaping may be bypassed in threaded context High
CVE-2023-40185 was published for shescape (npm) Aug 22, 2023
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta... Critical Unreviewed
CVE-2023-3265 was published Aug 14, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
tristan-f-r
XWiki Platform may allow privilege escalation to programming rights via user's first name Critical
CVE-2023-26055 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Mar 3, 2023
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0... High Unreviewed
CVE-2021-25310 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database