GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11,092 advisories
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
Moderate
CVE-2025-47914
was published
for
golang.org/x/crypto
(Go)
Nov 19, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
Moderate
CVE-2025-65026
was published
for
github.com/esm-dev/esm.sh
(Go)
Nov 19, 2025
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
Moderate
CVE-2025-64765
was published
for
astro
(npm)
Nov 19, 2025
authentik's invitation expiry is delayed by at least 5 minutes
Moderate
CVE-2025-64708
was published
for
goauthentik.io
(Go)
Nov 19, 2025
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
Moderate
CVE-2025-65093
was published
for
librenms/librenms
(Composer)
Nov 18, 2025
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Moderate
CVE-2025-65013
was published
for
librenms/librenms
(Composer)
Nov 18, 2025
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message
Moderate
CVE-2025-64758
was published
for
@dependencytrack/frontend
(npm)
Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-64747
was published
for
directus
(npm)
Nov 14, 2025
Directus has Improper Permission Handling on Deleted Fields
Moderate
CVE-2025-64746
was published
for
directus
(npm)
Nov 14, 2025
Shopware 6's password recovery link does not expire after email change
Moderate
GHSA-2w46-vq8h-98vh
was published
for
shopware/core
(Composer)
Nov 14, 2025
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Moderate
CVE-2025-64714
was published
for
privatebin/privatebin
(Composer)
Nov 14, 2025
ProTip!
Advisories are also available from the
GraphQL API