GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11,004 advisories
willitmerge has a Command Injection vulnerability
Moderate
GHSA-j9wj-m24m-7jj6
was published
for
willitmerge
(npm)
Nov 26, 2025
node-forge is vulnerable to ASN.1 OID Integer Truncation
Moderate
CVE-2025-66030
was published
for
node-forge
(npm)
Nov 26, 2025
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Moderate
CVE-2025-66026
was published
for
redaxo/source
(Composer)
Nov 25, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Moderate
CVE-2025-66028
was published
for
@oneuptime/common
(npm)
Nov 25, 2025
Contao is vulnerable to remote code execution in template closures
Moderate
CVE-2025-65960
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
Moderate
CVE-2025-21621
was published
for
org.geoserver.web:gs-web-app
(Maven)
Nov 25, 2025
body-parser is vulnerable to denial of service when url encoding is used
Moderate
CVE-2025-13466
was published
for
body-parser
(npm)
Nov 25, 2025
pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate
CVE-2025-66019
was published
for
pypdf
(pip)
Nov 24, 2025
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Moderate
CVE-2025-65956
was published
for
getformwork/formwork
(Composer)
Nov 24, 2025
MLX has Wild Pointer Dereference in load_gguf()
Moderate
CVE-2025-62609
was published
for
mlx
(pip)
Nov 21, 2025
MLX has heap-buffer-overflow in load()
Moderate
CVE-2025-62608
was published
for
mlx
(pip)
Nov 21, 2025
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Moderate
CVE-2025-62426
was published
for
vllm
(pip)
Nov 20, 2025
ProTip!
Advisories are also available from the
GraphQL API