Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,713 advisories

Loading
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
Para Server Logs Sensitive Information Moderate
GHSA-v75g-77vf-6jjq was published for com.erudika:para-server (Maven) May 30, 2025
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server Moderate
CVE-2025-48938 was published for github.com/cli/go-gh/v2 (Go) May 30, 2025
andyfeller BagToad
babakks matt- shilpakum vcsjones
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to clear Google OAuth credentials Moderate
CVE-2025-2571 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly invalidate personal access tokens upon user deactivation Moderate
CVE-2025-3230 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Apache Superset: Improper authorization bypass on row level security via SQL Injection High
CVE-2025-48912 was published for apache-superset (pip) May 30, 2025
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies High
CVE-2025-41235 was published for org.springframework.cloud:spring-cloud-gateway-server (Maven) May 30, 2025
Gradio Allows Unauthorized File Copy via Path Manipulation Moderate
CVE-2025-48889 was published for gradio (pip) May 29, 2025
jjjutla nkoorty
Navidrome Transcoding Permission Bypass Vulnerability Report High
CVE-2025-48948 was published for github.com/navidrome/navidrome (Go) May 29, 2025
lujiefsi
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
Mattermost improperly allows team administrators to modify team invites Moderate
CVE-2025-3913 was published for github.com/mattermost/mattermost/server/v8 (Go) May 29, 2025
Navidrome allows SQL Injection via role parameter High
CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) May 29, 2025
4rdr
PHPOffice Math allows XXE when processing an XML file in the MathML format High
CVE-2025-48882 was published for phpoffice/math (Composer) May 29, 2025
Fabio allows HTTP clients to manipulate custom headers it adds Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
47Cid
Markdownify MCP Server allows attackers to read arbitrary files Moderate
CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function Moderate
CVE-2025-5276 was published for mcp-markdownify-server (npm) May 29, 2025
Information exposure in Next.js dev server due to lack of origin verification Low
CVE-2025-48068 was published for next (npm) May 28, 2025
sapphi-red R4356th
multicast in source builds from vulnerable setuptools dependency Moderate
GHSA-94v7-wxj6-r2q5 was published for multicast (pip) May 28, 2025
vLLM Tool Schema allows DoS via Malformed pattern and type Fields Moderate
CVE-2025-48944 was published for vllm (pip) May 28, 2025
russellb Jason-CKY
vLLM allows clients to crash the openai server with invalid regex Moderate
CVE-2025-48943 was published for vllm (pip) May 28, 2025
g-eoj russellb
Jason-CKY
vLLM DOS: Remotely kill vllm over http with invalid JSON schema Moderate
CVE-2025-48942 was published for vllm (pip) May 28, 2025
derekhiggins Jason-CKY
russellb
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation Moderate
CVE-2025-46722 was published for vllm (pip) May 28, 2025
kexinoh DarkLight1337
russellb
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database