Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,261 advisories

Loading
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks Moderate
GHSA-xmcw-mv9p-7pq2 was published for org.keycloak:keycloak-account-ui (Maven) Sep 5, 2025 withdrawn
julianladisch
Credited to julianladisch
Angular SSR has a Server-Side Request Forgery (SSRF) flaw High
CVE-2025-62427 was published for @angular/ssr (npm) Oct 16, 2025
meDavidNS securityMB
jkrems alan-agius4 josephperrott
Credited to meDavidNS, securityMB, jkrems, alan-agius4, and josephperrott
bagisto has Cross Site Scripting (XSS) in Create New Customer Moderate
CVE-2025-62414 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG) Moderate
CVE-2025-62418 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
bagisto has Server Side Template Injection (SSTI) in Product Description Moderate
CVE-2025-62416 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML) Moderate
CVE-2025-62415 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS High
CVE-2025-62506 was published for github.com/minio/minio (Go) Oct 16, 2025
donatello
Credited to donatello
Smidge is vulnerable to Path Traversal Moderate
CVE-2025-11842 was published for Smidge (NuGet) Oct 16, 2025
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection High
CVE-2025-41253 was published for org.springframework.cloud:spring-cloud-gateway-server-webflux (Maven) Oct 16, 2025
Strapi is vulnerable to Insufficient Session Expiration Moderate
CVE-2025-3930 was published for @strapi/strapi (npm) Oct 16, 2025
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability Low
CVE-2025-61581 was published for github.com/apache/trafficcontrol/v8 (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability High
CVE-2025-58075 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability High
CVE-2025-58073 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability Critical
CVE-2025-54539 was published for Apache.NMS.AMQP (NuGet) Oct 16, 2025
Mattermost has an Observable Timing Discrepancy vulnerability Low
CVE-2025-54499 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41410 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has an Incorrect Authorization vulnerability Low
CVE-2025-10545 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41443 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
bagisto has CSV Formula Injection in Create New Product Critical
CVE-2025-62417 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
Strapi Allows Unauthorized Access to Private Fields via parms.lookup High
CVE-2024-56143 was published for @strapi/core (npm) Oct 16, 2025
Boegie19 alexandrebodin
derrickmehaffy
Credited to Boegie19, alexandrebodin, and derrickmehaffy
`git-comiters` Command Injection vulnerability High
CVE-2025-59831 was published for git-commiters (npm) Sep 22, 2025
lirantal
Credited to lirantal
Mautic allows Relative Path Traversal in assets file upload Moderate
CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025
patrykgruszka majkelstick
escopecz
Credited to patrykgruszka, majkelstick, and escopecz
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
Credited to escopecz and patrykgruszka
Mautic allows Remote Code Execution and File Deletion in Asset Uploads Critical
CVE-2024-47051 was published for mautic/core (Composer) Feb 26, 2025
mallo-m patrykgruszka
Credited to mallo-m and patrykgruszka
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability Low
CVE-2025-62412 was published for librenms/librenms (Composer) Oct 16, 2025
zdi-disclosures
Credited to zdi-disclosures
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database