GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10,997 advisories
Contao is vulnerable to remote code execution in template closures
Moderate
CVE-2025-65960
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
Moderate
CVE-2025-21621
was published
for
org.geoserver.web:gs-web-app
(Maven)
Nov 25, 2025
body-parser is vulnerable to denial of service when url encoding is used
Moderate
CVE-2025-13466
was published
for
body-parser
(npm)
Nov 25, 2025
pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate
GHSA-m449-cwjh-6pw7
was published
for
pypdf
(pip)
Nov 24, 2025
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Moderate
CVE-2025-65956
was published
for
getformwork/formwork
(Composer)
Nov 24, 2025
MLX has Wild Pointer Dereference in load_gguf()
Moderate
CVE-2025-62609
was published
for
mlx
(pip)
Nov 21, 2025
MLX has heap-buffer-overflow in load()
Moderate
CVE-2025-62608
was published
for
mlx
(pip)
Nov 21, 2025
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Moderate
CVE-2025-62426
was published
for
vllm
(pip)
Nov 20, 2025
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
Moderate
CVE-2025-47914
was published
for
golang.org/x/crypto
(Go)
Nov 19, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
Moderate
CVE-2025-65026
was published
for
github.com/esm-dev/esm.sh
(Go)
Nov 19, 2025
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
Moderate
CVE-2025-64765
was published
for
astro
(npm)
Nov 19, 2025
ProTip!
Advisories are also available from the
GraphQL API