Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,605
Maven
5,000+
npm
4,250
NuGet
756
pip
4,016
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

10,841 advisories

Loading
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS) Moderate
CVE-2025-62594 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Oct 27, 2025
amethyst0225 jin-156
yosiimich
Credited to amethyst0225, jin-156, and yosiimich
PowerJob OpenAPIController is missing authorization Moderate
CVE-2025-11581 was published for tech.powerjob:powerjob-server-starter (Maven) Oct 10, 2025
InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement Moderate
CVE-2025-62782 was published for de.themoep:inventorygui (Maven) Oct 27, 2025
InventoryGui affected by item duplication in GUIs which use GuiStorageElement Moderate
CVE-2025-62783 was published for de.themoep:inventorygui (Maven) Oct 27, 2025
FaMa91
Credited to FaMa91
BBOT's gitlab.py exposes globally configured "gitlab" API key Moderate
CVE-2025-10282 was published for bbot (pip) Oct 27, 2025
justinsteven
Credited to justinsteven
ProcessWire CMS vulnerable to resource-exhaustion Denial of Service Moderate
CVE-2025-60790 was published for processwire/processwire (Composer) Oct 21, 2025
pip's fallback tar extraction doesn't check symbolic links point to extraction directory Moderate
CVE-2025-8869 was published for pip (pip) Sep 24, 2025
cai0duque bentasker
swils23 ichard26
Credited to cai0duque, bentasker, swils23, and ichard26
Piranha CMS vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2025-61413 was published for Piranha (NuGet) Oct 23, 2025
validator.js has a URL validation bypass vulnerability in its isURL function Moderate
CVE-2025-56200 was published for validator (npm) Sep 30, 2025
G-Rath Moumouls
aleyipsoftwire
Credited to G-Rath, Moumouls, and aleyipsoftwire
Moodle course access permissions are not properly checked in course_output_fragment_course_overview Moderate
CVE-2025-62393 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle sends quiz-related messages to inactive/suspended users Moderate
CVE-2025-62394 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle exposed the names of hidden groups to users Moderate
CVE-2025-62400 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle has a time restriction bypass Moderate
CVE-2025-62401 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle's error handling leads to sensitive information disclosure Moderate
CVE-2025-62396 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle does not properly enforce MFA Moderate
CVE-2025-62398 was published for moodle/moodle (Composer) Oct 23, 2025
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Liferay Portal and DXP do not properly restrict access to OpenAPI Moderate
CVE-2025-62256 was published for com.liferay:com.liferay.portal.security.auth.verifier (Maven) Oct 23, 2025
rollbar vulnerable to Prototype Pollution in merge() Moderate
CVE-2025-62517 was published for rollbar (npm) Oct 23, 2025
waltjones brianr
kiwi865
Credited to waltjones, brianr, and kiwi865
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass Moderate
GHSA-q7jf-gf43-6x6p was published for hono (npm) Oct 24, 2025
Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization Moderate
CVE-2017-18872 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl Moderate
CVE-2025-62710 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) Oct 22, 2025
Liferay Portal ComboServlet denial of service via large file combination Moderate
CVE-2025-62254 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 24, 2025
Rancher exposes sensitive information through audit logs Moderate
CVE-2024-58269 was published for github.com/rancher/rancher (Go) Oct 24, 2025
Rancher user retains access to clusters despite Global Role removal Moderate
CVE-2023-32199 was published for github.com/rancher/rancher (Go) Oct 24, 2025
Magento Improper Access Control Leads to Privilege escalation Moderate
CVE-2024-39419 was published for magento/community-edition (Composer) Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database