GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,666 advisories
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
Low
CVE-2025-66453
was published
for
org.mozilla:rhino
(Maven)
Dec 3, 2025
Better Auth affected by external request basePath modification DoS
Low
GHSA-569q-mpph-wgww
was published
for
better-auth
(npm)
Dec 1, 2025
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Low
GHSA-rcmh-qjqh-p98v
was published
for
nodemailer
(npm)
Dec 1, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
Withdrawn Advisory: express improperly controls modification of query properties
Low
CVE-2024-51999
was published
for
express
(npm)
Dec 1, 2025
•
withdrawn
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low
GHSA-wmjr-v86c-m9jj
was published
for
better-auth
(npm)
Nov 26, 2025
Contao is vulnerable to cross-site scripting in templates
Low
CVE-2025-65961
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM
Low
CVE-2025-65942
was published
for
github.com/VictoriaMetrics/VictoriaMetrics
(Go)
Nov 25, 2025
ProTip!
Advisories are also available from the
GraphQL API