GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,474
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,845
NuGet
696
pip
3,635
Pub
12
RubyGems
911
Rust
912
Swift
38
Unreviewed advisories
All unreviewed
5,000+
7,793 advisories
Filter by severity
Frappe vulnerable to information disclosure leading to account takeover
High
CVE-2025-30214
was published
for
frappe
(pip)
Mar 25, 2025
ingress-nginx controller - configuration injection via unsanitized mirror annotations
High
CVE-2025-1098
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
High
CVE-2025-1097
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
High
CVE-2025-24514
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
OpenDaylight SFC Denial of Service (DoS)
High
CVE-2025-29313
was published
for
org.opendaylight.sfc:odl-sfc-openflow-renderer
(Maven)
Mar 24, 2025
Apache Commons VFS Has Relative Path Traversal Vulnerability
High
CVE-2025-27553
was published
for
org.apache.commons:commons-vfs2
(Maven)
Mar 23, 2025
nossrf Server-Side Request Forgery (SSRF)
High
CVE-2025-2691
was published
for
nossrf
(npm)
Mar 23, 2025
jwt-go allows excessive memory allocation during header parsing
High
CVE-2025-30204
was published
for
github.com/golang-jwt/jwt/v4
(Go)
Mar 21, 2025
PipeCD Vulnerable to Privilege Escalation
High
CVE-2024-53351
was published
for
github.com/pipe-cd/pipecd
(Go)
Mar 21, 2025
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
High
CVE-2025-30160
was published
for
redlib
(Rust)
Mar 21, 2025
Mattermost Fails to Enforce MFA on Plugin Endpoints
High
CVE-2025-25068
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Mar 21, 2025
Ollama Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2025-0315
was published
for
github.com/ollama/ollama
(Go)
Mar 20, 2025
Ollama Divide By Zero vulnerability
High
CVE-2025-0317
was published
for
github.com/ollama/ollama
(Go)
Mar 20, 2025
LiteLLM Has a Leakage of Langfuse API Keys
High
CVE-2025-0330
was published
for
litellm
(pip)
Mar 20, 2025
LiteLLM Has an Improper Authorization Vulnerability
High
CVE-2025-0628
was published
for
litellm
(pip)
Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability
High
CVE-2025-0189
was published
for
aim
(pip)
Mar 20, 2025
Aim Excessive Data Query Operations in a Large Data Table vulnerability
High
CVE-2025-0190
was published
for
aim
(pip)
Mar 20, 2025
LiteLLM Reveals Portion of API Key via a Logging File
High
CVE-2024-9606
was published
for
litellm
(pip)
Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
High
CVE-2024-9840
was published
for
open-webui
(npm)
Mar 20, 2025
ZenML unauthenticated DoS via Multipart Boundry
High
CVE-2024-9340
was published
for
zenml
(pip)
Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary
High
CVE-2024-9056
was published
for
bentoml
(pip)
Mar 20, 2025
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary
High
CVE-2024-9229
was published
for
quivr-core
(pip)
Mar 20, 2025
Gradio DOS in multipart boundry while uploading the file
High
CVE-2024-8966
was published
for
gradio
(pip)
Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
High
CVE-2024-8984
was published
for
litellm
(pip)
Mar 20, 2025
Composio Eval Injection Vulnerability
High
CVE-2024-8953
was published
for
composio-core
(pip)
Mar 20, 2025
ProTip!
Advisories are also available from the
GraphQL API