
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

174 advisories

Eclipse Jersey has a Race Condition Critical
CVE-2025-12383 was published for org.glassfish.jersey.core:jersey-client (Maven) Nov 18, 2025
Credited to irene221b
Wasmtime provides unsound API access to a WebAssembly shared linear memory Low
CVE-2025-64345 was published for wasmtime (Rust) Nov 12, 2025
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector Moderate
CVE-2025-52434 was published for org.apache.tomcat:tomcat-util (Maven) Jul 10, 2025
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
Credited to JasonLovesDoggo and dirkbrnd
Shopware race condition bypasses voucher restrictions Moderate
CVE-2025-7954 was published for shopware/platform (Composer) Aug 6, 2025
node-tar has a race condition leading to uninitialized memory exposure Moderate
CVE-2025-64118 was published for tar (npm) Oct 30, 2025
Credited to ChALkeR
Repository Credentials Race Condition Crashes Argo CD Server Moderate
CVE-2025-55191 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
Credited to thevilledev
Next.js Race Condition to Cache Poisoning Low
CVE-2025-32421 was published for next (npm) May 15, 2025
Credited to cold-try
Undertow vulnerable to Race Condition High
CVE-2024-7885 was published for io.undertow:undertow-core (Maven) Aug 21, 2024
Credited to jw123023
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage High
CVE-2025-59052 was published for @angular/platform-server (npm) Sep 10, 2025
Credited to alan-agius4, jelbourn, josephperrott, thePunderWoman, atscott, and hybrist
Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat High
CVE-2016-8745 was published for org.apache.tomcat:tomcat-util (Maven) May 14, 2022
Credited to sunSUNQ and anlakii
Webargs mishandles concurrent JSON parsing High
CVE-2019-9710 was published for webargs (pip) Mar 12, 2019
Credited to saip007
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
Credited to scottaddie and localden
Timing based private key exposure in Bouncy Castle Moderate
CVE-2020-15522 was published for BouncyCastle (Maven) Aug 13, 2021
Credited to klaudialax
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
Credited to snyff
process_lock has a Potential Unsound issue in unlock Low
CVE-2025-48751 was published for process_lock (Rust) May 24, 2025
Data races in lock_api Moderate
CVE-2020-35910 was published for lock_api (Rust) Aug 25, 2021
Credited to AnonySE26
wgp race condition in inner::drop Low
CVE-2025-47735 was published for wgp (Rust) May 9, 2025
Rack session gets restored after deletion Moderate
CVE-2025-46336 was published for rack-session (RubyGems) May 8, 2025
Credited to stengineering0, jeremyevans, and ioquatix
Rack session gets restored after deletion Moderate
CVE-2025-32441 was published for rack (RubyGems) May 8, 2025
Credited to stengineering0, jeremyevans, and ioquatix
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability High
CVE-2024-38229 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Oct 8, 2024
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters Moderate
CVE-2025-32793 was published for github.com/cilium/cilium (Go) Apr 21, 2025
Credited to julianwiedmann
Smack allows the bypass of TLS protections Moderate
CVE-2016-10027 was published for org.igniterealtime.smack:smack-core (Maven) May 13, 2022
Moby Race Condition vulnerability High
CVE-2024-36623 was published for github.com/moby/moby (Go) Nov 29, 2024
Credited to kbsteere
Kubernetes kube-apiserver Vulnerable to Race Condition Low
CVE-2024-7598 was published for k8s.io/kubernetes/cmd/kube-apiserver (Go) Mar 20, 2025