Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,286 advisories

Loading
GeoNetwork search end-point information disclosure in response headers Moderate
CVE-2024-32037 was published for org.geonetwork-opensource:gn-services (Maven) Feb 11, 2025
josegar74 jodygarnett
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska pcreager23
Directus allows privilege escalation using Share feature Moderate
CVE-2025-24353 was published for @directus/app (npm) Jan 23, 2025
viters m3t3kh4n
PandasAI interactive prompt function Remote Code Execution (RCE) Critical
CVE-2024-12366 was published for pandasai (pip) Feb 11, 2025
Vulnerable OpenSSL included in cryptography wheels Low
CVE-2024-12797 was published for cryptography (pip) Feb 11, 2025
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` Moderate
CVE-2025-25202 was published for ash_authentication (Erlang) Feb 11, 2025
wilburyang zachdaniel
jimsynz
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio
Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log Moderate
CVE-2024-52067 was published for org.apache.nifi:nifi-framework-core (Maven) Feb 11, 2025
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
Distribution's token authentication allows to inject an untrusted signing key in a JWT High
CVE-2025-24976 was published for github.com/distribution/distribution/v3 (Go) Feb 11, 2025
evanebb
SQL injection in Apache Traffic Control High
CVE-2024-45387 was published for github.com/apache/trafficcontrol/v8 (Go) Dec 23, 2024
Apache CXF: Denial of Service vulnerability with temporary files High
CVE-2025-23184 was published for org.apache.cxf:cxf-core (Maven) Jan 21, 2025
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions High
CVE-2025-23015 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Apache James vulnerable to denial of service through JMAP HTML to text conversion High
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
Apache NiFi: Missing Complete Authorization for Parameter and Service References Low
CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) Dec 28, 2024
exceptionfactory
Apache MINA Deserialization RCE Vulnerability Critical
CVE-2024-52046 was published for org.apache.mina:mina-core (Maven) Dec 25, 2024
Malayke
1Panel open source panel project has an unauthorized vulnerability. Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
pgAdmin Remote Code Execution (RCE) vulnerability High
CVE-2024-3116 was published for pgadmin4 (pip) Apr 4, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context High
CVE-2024-32114 was published for org.apache.activemq:apache-activemq (Maven) May 2, 2024
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability Critical
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability High
CVE-2024-43383 was published for Lucene.Net.Replicator (NuGet) Oct 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database