GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
22,482 advisories
Rack has an Unbounded-Parameter DoS in Rack::QueryParser
High
CVE-2025-46727
was published
for
rack
(RubyGems)
May 8, 2025
Rack session gets restored after deletion
Moderate
CVE-2025-46336
was published
for
rack-session
(RubyGems)
May 8, 2025
Rack session gets restored after deletion
Moderate
CVE-2025-32441
was published
for
rack
(RubyGems)
May 8, 2025
JRuby-OpenSSL has hostname verification disabled by default
Moderate
CVE-2025-46551
was published
for
org.jruby:jruby
(Maven)
May 7, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
High
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
ZITADEL Allows IdP Intent Token Reuse
High
CVE-2025-46815
was published
for
github.com/zitadel/zitadel
(Go)
May 6, 2025
goshs route not protected, allows command execution
Critical
CVE-2025-46816
was published
for
github.com/patrickhener/goshs
(Go)
May 6, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response
Moderate
CVE-2025-46736
was published
for
Umbraco.Cms
(NuGet)
May 6, 2025
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`
Low
CVE-2025-46735
was published
for
github.com/nrkno/terraform-provider-windns
(Go)
May 6, 2025
ProTip!
Advisories are also available from the
GraphQL API