GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
22,048 advisories
Picklescan missing detection when calling built-in python library function timeit.timeit()
Moderate
GHSA-v7x6-rv5q-mhwc
was published
for
picklescan
(pip)
Apr 7, 2025
estree-util-value-to-estree allows prototype pollution in generated ESTree
Moderate
CVE-2025-32014
was published
for
estree-util-value-to-estree
(npm)
Apr 7, 2025
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
High
GHSA-3j43-9v8v-cp3f
was published
for
apollo-router
(Rust)
Apr 7, 2025
FlowiseDB vulnerable to SQL Injection by authenticated users
Moderate
GHSA-9c4c-g95m-c8cp
was published
for
flowise
(npm)
Apr 7, 2025
Picklescan failed to detect to some unsafe global function in Numpy library
Moderate
GHSA-fj43-3qmq-673f
was published
for
picklescan
(pip)
Apr 7, 2025
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
High
GHSA-93mv-x874-956g
was published
for
picklescan
(pip)
Apr 7, 2025
js-object-utilities Vulnerable to Prototype Pollution
High
GHSA-hpqf-m68j-2pfx
was published
for
js-object-utilities
(npm)
Apr 7, 2025
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback
Critical
CVE-2025-32013
was published
for
lnbits
(pip)
Apr 7, 2025
tarteaucitron.js allows url scheme injection via unfiltered inputs
Moderate
CVE-2025-31476
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
Jujutsu does not have SHA-1 collision detection
Moderate
GHSA-794x-2rpg-rfgr
was published
for
jj-cli
(Rust)
Apr 7, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate
CVE-2025-31138
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
gitoxide does not detect SHA-1 collision attacks
Moderate
CVE-2025-31130
was published
for
gitoxide
(Rust)
Apr 4, 2025
ProTip!
Advisories are also available from the
GraphQL API