Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,842 advisories

Loading
alexusmai laravel-file-manager is vulnerable to Directory Traversal Low
CVE-2025-65345 was published for alexusmai/laravel-file-manager (Composer) Dec 3, 2025
Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local... Low Unreviewed
CVE-2025-13751 was published Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20385 was published Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20382 was published Dec 3, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20388 was published Dec 3, 2025
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function Low
CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025
TechPizzaDev
Credited to TechPizzaDev
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a... Low Unreviewed
CVE-2025-12954 was published Dec 3, 2025
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local... Low Unreviewed
CVE-2025-13640 was published Dec 2, 2025
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is... Low Unreviewed
CVE-2025-9799 was published Dec 2, 2025
Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments Low
GHSA-644f-hrff-mf96 was published for @nocobase/auth (npm) Dec 2, 2025 withdrawn
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Low Unreviewed
CVE-2025-59700 was published Dec 2, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Low Unreviewed
CVE-2025-59696 was published Dec 2, 2025
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation Low
CVE-2025-65858 was published for calibreweb (pip) Dec 2, 2025
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13871 was published Dec 2, 2025
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13872 was published Dec 2, 2025
Mattermost fails to validate user permissions in Boards Low
CVE-2025-13870 was published for github.com/mattermost/mattermost (Go) Dec 2, 2025
In display, there is a possible out of bounds write due to a missing bounds check. This could... Low Unreviewed
CVE-2025-20769 was published Dec 2, 2025
Keycloak unable to restrict access to the admin console Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 2, 2025
maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe Low
GHSA-mj73-j457-8x9q was published for maxminddb (Rust) Dec 2, 2025
rtvm-interpreter lacks sufficient checks in public API Low
GHSA-pq5v-rwp8-p7gm was published for rtvm-interpreter (Rust) Dec 2, 2025
Better Auth affected by external request basePath modification DoS Low
GHSA-569q-mpph-wgww was published for better-auth (npm) Dec 1, 2025
goksan
Credited to goksan
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls Low
GHSA-rcmh-qjqh-p98v was published for nodemailer (npm) Dec 1, 2025
uko3211
Credited to uko3211
Spotipy has a XSS vulnerability in its OAuth callback server Low
CVE-2025-66040 was published for spotipy (pip) Dec 1, 2025
yueyueL
Credited to yueyueL
Withdrawn Advisory: express improperly controls modification of query properties Low
CVE-2024-51999 was published for express (npm) Dec 1, 2025 withdrawn
ctcpip wesleytodd
jonchurch bjohansebas UlisesGascon
Credited to ctcpip, wesleytodd, jonchurch, bjohansebas, and UlisesGascon
When loading a plist file, the plistlib module reads data in size specified by the file itself,... Low Unreviewed
CVE-2025-13837 was published Dec 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database