GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21,093 advisories
Zot IdP group membership revocation ignored
High
CVE-2025-23208
was published
for
zotregistry.dev/zot
(Go)
Jan 17, 2025
.NET Elevation of Privilege Vulnerability
High
CVE-2024-21409
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Apr 17, 2024
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
KaTeX \htmlData does not validate attribute names
Moderate
CVE-2025-23207
was published
for
katex
(npm)
Jan 17, 2025
Flarum's logout Route allows open redirects
Moderate
CVE-2024-21641
was published
for
flarum/core
(Composer)
Jan 5, 2024
Mongoose search injection vulnerability
Critical
CVE-2025-23061
was published
for
mongoose
(npm)
Jan 15, 2025
Missing Authorization in Jenkins Blue Ocean Plugin
Moderate
CVE-2017-1000105
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
High
CVE-2022-23496
was published
for
nl.basjes.parse.useragent:yauaa
(Maven)
Dec 8, 2022
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
CVE-2024-34447
was published
for
org.bouncycastle:bcprov-jdk12
(Maven)
May 3, 2024
veraPDF has potential XSLT injection vulnerability when using policy files
High
CVE-2024-28109
was published
for
org.verapdf:core
(Maven)
May 20, 2024
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moderate
CVE-2022-36109
was published
for
github.com/docker/docker
(Go)
Sep 16, 2022
Vyper's `_abi_decode` vulnerable to Memory Overflow
Low
CVE-2024-26149
was published
for
vyper
(pip)
Feb 26, 2024
Librenms has a reflected XSS on error alert
Moderate
CVE-2025-23201
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
LibreNMS Misc Section Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-23200
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
LibreNMS Display Name Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-23198
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
LibreNMS Ports Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-23199
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
ProTip!
Advisories are also available from the
GraphQL API