GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,655 advisories
Better Auth affected by external request basePath modification DoS
Low
GHSA-569q-mpph-wgww
was published
for
better-auth
(npm)
Dec 1, 2025
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Low
GHSA-rcmh-qjqh-p98v
was published
for
nodemailer
(npm)
Dec 1, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
express improperly controls modification of query properties
Low
CVE-2024-51999
was published
for
express
(npm)
Dec 1, 2025
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low
GHSA-wmjr-v86c-m9jj
was published
for
better-auth
(npm)
Nov 26, 2025
Contao is vulnerable to cross-site scripting in templates
Low
CVE-2025-65961
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM
Low
CVE-2025-65942
was published
for
github.com/VictoriaMetrics/VictoriaMetrics
(Go)
Nov 25, 2025
Astro Development Server has Arbitrary Local File Read
Low
CVE-2025-64757
was published
for
astro
(npm)
Nov 19, 2025
LibreNMS has Weak Password Policy
Low
CVE-2025-65014
was published
for
librenms/librenms
(Composer)
Nov 18, 2025
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
Low
CVE-2025-64711
was published
for
privatebin/privatebin
(Composer)
Nov 14, 2025
Astro development server error page is vulnerable to reflected Cross-site Scripting
Low
CVE-2025-64745
was published
for
astro
(npm)
Nov 13, 2025
ProTip!
Advisories are also available from the
GraphQL API