GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,726
Maven: 5,000+
npm: 4,331
NuGet: 763
pip: 4,107
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
27,658 advisories
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
Critical. CVE-2025-67494 was published for github.com/zitadel/zitadel (Go) on Dec 8, 2025.

@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server
Critical. CVE-2025-67489 was published for @vitejs/plugin-rsc (npm) on Dec 8, 2025.

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical. CVE-2025-66568 was published for ruby-saml (RubyGems) on Dec 8, 2025.

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical. CVE-2025-66567 was published for ruby-saml (RubyGems) on Dec 8, 2025.

n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Critical. CVE-2025-65964 was published for n8n (npm) on Dec 8, 2025.

SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting...
Critical, Unreviewed. CVE-2025-64081 was published on Dec 8, 2025.

In multiple locations, there is a possible way to launch an application from the background due...
Critical, Unreviewed. CVE-2025-48626 was published on Dec 8, 2025.

Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Critical. CVE-2025-66565 was published for github.com/gofiber/utils (Go) on Dec 8, 2025.

Emby Server API Vulnerability allowing to gain administrative access without precondition
Critical. CVE-2025-64113 was published for MediaBrowser.Server.Core (NuGet) on Dec 8, 2025.

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to...
Critical, Unreviewed. CVE-2025-27020 was published on Dec 8, 2025.

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize...
Critical, Unreviewed. CVE-2025-27019 was published on Dec 8, 2025.

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress...
Critical, Unreviewed. CVE-2025-13377 was published on Dec 6, 2025.

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical, Unreviewed. CVE-2025-12673 was published on Dec 6, 2025.

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account...
Critical, Unreviewed. CVE-2025-34291 was published on Dec 6, 2025.

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical, Unreviewed. CVE-2025-34256 was published on Dec 5, 2025.

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution...
Critical, Unreviewed. CVE-2020-36877 was published on Dec 5, 2025.

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login ...
Critical, Unreviewed. CVE-2025-12374 was published on Dec 5, 2025.

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset...
Critical, Unreviewed. CVE-2025-13313 was published on Dec 5, 2025.

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in...
Critical, Unreviewed. CVE-2025-66571 was published on Dec 4, 2025.

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.
Critical, Unreviewed. CVE-2025-29268 was published on Dec 4, 2025.

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2...
Critical, Unreviewed. CVE-2025-63362 was published on Dec 4, 2025.

Apache Tika has XXE vulnerability
Critical. CVE-2025-66516 was published for org.apache.tika:tika-core (Maven) on Dec 4, 2025.

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are...
Critical, Unreviewed. CVE-2025-54303 was published on Dec 4, 2025.

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are...
Critical, Unreviewed. CVE-2025-54304 was published on Dec 4, 2025.

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an...
Critical, Unreviewed. CVE-2025-53963 was published on Dec 4, 2025.

ProTip! Advisories are also available from the GraphQL API.