Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,600 advisories

Loading
OpenMage vulnerable to XSS in Admin Notifications Moderate
CVE-2025-64174 was published for openmage/magento-lts (Composer) Nov 3, 2025
Judx
Credited to Judx
MantisBT unauthorized disclosure of private project column configuration Moderate
CVE-2025-62520 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
jrckmcsb atrol
dregad
Credited to jrckmcsb, atrol, and dregad
MantisBT lacks verification when changing a user's email address Moderate
CVE-2025-55155 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
ncrcs dregad
Credited to ncrcs and dregad
@react-native-community/cli has arbitrary OS command injection Critical
CVE-2025-11953 was published for @react-native-community/cli (npm) Nov 3, 2025
Malayke cylewaitforit
Credited to Malayke and cylewaitforit
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length Moderate
CVE-2025-46556 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
TheAmazeng dregad
Credited to TheAmazeng and dregad
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
Liferay Portal and DXP do not check permissions of images in a blog entry Moderate
CVE-2025-62275 was published for com.liferay:com.liferay.blogs.item.selector.web (Maven) Nov 1, 2025
Liferay Portal and DXP use an incorrect cache-control header Moderate
CVE-2025-62276 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Nov 1, 2025
Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page Moderate
CVE-2025-62267 was published for com.liferay:com.liferay.dynamic.data.mapping.item.selector.web (Maven) Oct 31, 2025
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
JasonLovesDoggo dirkbrnd
Credited to JasonLovesDoggo and dirkbrnd
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter Moderate
CVE-2025-62264 was published for com.liferay.portal:release.portal.bom (Maven) Oct 31, 2025
Ansible does not collect garbage after playbook run Moderate
CVE-2020-25635 was published for ansible (pip) Oct 31, 2025
cryptidy allows code execution via untrusted data due to pickle.loads Moderate
CVE-2025-63675 was published for cryptidy (pip) Oct 31, 2025
Scrapy with Brotli is vulnerable to a denial of service (DoS) attack due to decompression High
CVE-2025-6176 was published for Scrapy (pip) Oct 31, 2025
smithcoin
Credited to smithcoin
Liferay Portal is vulnerable to XSS in the Blogs widget Moderate
CVE-2025-62265 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
sqls-server/sqls is vulnerable to command injection in the config command High
CVE-2025-61141 was published for github.com/sqls-server/sqls (Go) Oct 30, 2025
Liferay Portal is vulnerable to DNS rebinding attacks Moderate
CVE-2025-62266 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Keras keras.utils.get_file API is vulnerable to a path traversal attack High
CVE-2025-12060 was published for keras (pip) Oct 30, 2025
Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation High
CVE-2025-64112 was published for statamic/cms (Composer) Oct 30, 2025
wojtekchwala
Credited to wojtekchwala
node-tar has a race condition leading to uninitialized memory exposure Moderate
CVE-2025-64118 was published for tar (npm) Oct 30, 2025
ChALkeR
Credited to ChALkeR
gnark-crypto allows unchecked memory allocation during vector deserialization High
GHSA-fj2x-735w-74vq was published for github.com/consensys/gnark-crypto (Go) Oct 30, 2025
raefko
Credited to raefko
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Low
GHSA-cf57-c578-7jvv was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook High
CVE-2025-62726 was published for n8n (npm) Oct 30, 2025
assaf-levkovich-jf
Credited to assaf-levkovich-jf
Byaidu PDFMathTranslate vulnerable to open redirect Low
CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
Apache Airflow has a command injection vulnerability in "example_dag_decorator" Moderate
CVE-2025-54941 was published for apache-airflow (pip) Oct 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database