GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
39 advisories
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High | GHSA-8wj8-cfxr-9374 was published for aws-advanced-nodejs-wrapper (npm) | Nov 13, 2025

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance
High | GHSA-7wq2-32h4-9hc9 was published for github.com/aws/aws-advanced-go-wrapper/awssql (Go) | Nov 13, 2025

Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High | GHSA-7xw4-g7mm-r4hh was published for software.amazon.jdbc:aws-advanced-jdbc-wrapper (Maven) | Nov 13, 2025

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High | CVE-2025-12967 was published for aws_advanced_python_wrapper (pip) | Nov 13, 2025

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz...
Critical | Unreviewed | CVE-2025-63690 was published | Nov 7, 2025

Astro's `X-Forwarded-Host` is reflected without validation
Moderate | CVE-2025-61925 was published for astro (npm) | Oct 10, 2025

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical | Unreviewed | CVE-2025-53693 was published | Sep 3, 2025

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection...
High | Unreviewed | CVE-2025-3600 was published | May 14, 2025

generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
High | CVE-2025-31119 was published for generator-jhipster-entity-audit (npm) | Apr 4, 2025

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to...
High | Unreviewed | CVE-2025-2794 was published | Mar 31, 2025

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the...
High | Unreviewed | CVE-2024-7059 was published | Nov 5, 2024

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code...
Critical | Unreviewed | CVE-2024-8015 was published | Oct 9, 2024

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is...
High | Unreviewed | CVE-2024-8048 was published | Oct 9, 2024

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is...
High | Unreviewed | CVE-2024-8014 was published | Oct 9, 2024

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is...
High | Unreviewed | CVE-2024-6096 was published | Jul 24, 2024

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Moderate | Unreviewed | CVE-2024-1574 was published | Jul 4, 2024

Unsafe Reflection in base Component class in yiisoft/yii2
High | CVE-2024-4990 was published for yiisoft/yii2 (Composer) | Jun 2, 2024

Improper Authentication in Spring Authorization Server
Moderate | CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) | Mar 20, 2024

StimulusReflex arbitrary method call
High | CVE-2024-28121 was published for stimulus_reflex (RubyGems) | Mar 12, 2024

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical | Unreviewed | CVE-2023-6943 was published | Jan 30, 2024

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to...
High | Unreviewed | CVE-2024-0200 was published | Jan 16, 2024

In multiple locations, there is a possible way to import contacts belonging to other users due to...
Moderate | Unreviewed | CVE-2023-35680 was published | Sep 11, 2023

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels...
High | Unreviewed | CVE-2023-32217 was published | Jul 6, 2023

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a...
High | Unreviewed | CVE-2023-0460 was published | Jul 6, 2023

A website could have obscured the fullscreen notification by using a URL with a scheme handled by...
Moderate | Unreviewed | CVE-2023-37207 was published | Jul 5, 2023