Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,620 advisories

Loading
Byaidu PDFMathTranslate vulnerable to open redirect Low
CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Low
GHSA-cf57-c578-7jvv was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
Drupal Umami Analytics allows Cross-Site Scripting (XSS) Low
CVE-2025-10931 was published for drupal/umami_analytics (Composer) Oct 30, 2025
Keycloak allows access to admin path through flaw Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release Low
CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables Low
CVE-2025-61677 was published for datachain (pip) Oct 2, 2025
gothburz
Credited to gothburz
Wasmtime vulnerable to segfault when using component resources Low
CVE-2025-62711 was published for wasmtime (Rust) Oct 27, 2025
alexcrichton
Credited to alexcrichton
Magento does not properly protect credentials Low
CVE-2025-27192 was published for magento/community-edition (Composer) Apr 8, 2025
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page Low
CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven) Oct 23, 2025
vet MCP Server SSE Transport DNS Rebinding Vulnerability Low
CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025
eharris128
Credited to eharris128
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
Credited to SimonTheLeg and embik
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Unix4ever
Credited to smira and Unix4ever
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Liferay Portal and DXP are Missing Authorization in Collection Provider Low
CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) Oct 22, 2025
Magento Authenticated Security feature bypass Low
CVE-2025-49549 was published for magento/community-edition (Composer) Jun 26, 2025
Mattermost Server allows System Admin to modify LDAP account names and email addresses Low
CVE-2016-11077 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names Low
CVE-2025-11966 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
Borrowck Scarifices exposes uninitialized memory in any_as_u8_slice Low
GHSA-xcpm-76hf-c9cc was published for borrowck_sacrifices (Rust) Oct 22, 2025
Direct Ring Buffer has uninitialized memory exposure in create_ring_buffer Low
GHSA-fp5x-7m4q-449f was published for direct_ring_buffer (Rust) Oct 21, 2025
orx-pinned-vec has undefined behavior in index_of_ptr with empty slices Low
GHSA-h5j3-crg5-8jqm was published for orx-pinned-vec (Rust) Oct 21, 2025
uv has differential in tar extraction with PAX headers Low
GHSA-w476-p2h3-79g9 was published for uv (pip) Oct 21, 2025
woodruffw zanieb
Credited to woodruffw and zanieb
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Shopware vulnerable to path traversal via Plugin upload Low
GHSA-6wh5-mw9h-5c3w was published for shopware/core (Composer) Oct 21, 2025
rollbar vulnerable to prototype pollution Low
CVE-2025-57325 was published for rollbar (npm) Oct 20, 2025
waltjones brianr
Credited to waltjones and brianr
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database