Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,019
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,542 advisories

Loading
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar
Decap CMS Cross Site Scripting (XSS) vulnerability Low
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Vite's `server.fs` settings were not applied to HTML files Low
CVE-2025-58752 was published for vite (npm) Sep 9, 2025
orihjfrog dominikg
Liferay Portal is vulnerable to XSS attack through its Style Book theme Low
CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Sep 9, 2025
Fides has a Lack of Brute-Force Protections on Authentication Endpoints Low
CVE-2025-57815 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher daveqnet
Fides' Admin UI User Password Change Does Not Invalidate Current Session Low
CVE-2025-57766 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher adamsachs
daveqnet
Atlantis Exposes Service Version Publicly on /status API Endpoint Low
CVE-2025-58445 was published for github.com/runatlantis/atlantis (Go) Sep 5, 2025
matthewmrichter
ImageMagick BlobStream Forward-Seek Under-Allocation Low
CVE-2025-57807 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Sep 5, 2025
mescuwa
Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions Low
CVE-2025-58056 was published for io.netty:netty-codec-http (Maven) Sep 4, 2025
JeppW JLLeitschuh
yawkat
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps Low
GHSA-vxmw-7h4f-hqxh was published for pypa/gh-action-pypi-publish (GitHub Actions) Sep 4, 2025
woodruffw
Weblate has a long session expiry when verifying second factor Low
CVE-2025-58352 was published for Weblate (pip) Sep 4, 2025
nijel
Mautic vulnerable to SSRF via webhook function Low
CVE-2025-9821 was published for mautic/core (Composer) Sep 3, 2025
asesidaa patrykgruszka
kuzmany lukehebe
CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package Low
CVE-2025-58064 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 3, 2025
Apache DolphinScheduler Incorrect Default Permissions Vulnerability Low
CVE-2024-43166 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Sep 3, 2025
MobSF Path Traversal in GET /download/<filename> using absolute filenames Low
CVE-2025-58161 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Tracing logging user input may result in poisoning logs with ANSI escape sequences Low
CVE-2025-58160 was published for tracing-subscriber (Rust) Aug 29, 2025
zefr0x
Opencast has a partial path traversal vulnerability in UI config Low
CVE-2025-55202 was published for org.opencastproject:opencast-user-interface-configuration (Maven) Aug 29, 2025
opsysdebug lkiesow
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata Low
CVE-2025-55304 was published for Exiv2 (pip) Aug 29, 2025
gluck-pwn
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file Low
CVE-2025-54080 was published for Exiv2 (pip) Aug 29, 2025
dragonArthurX
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token Low
GHSA-3rw9-wmc8-8948 was published for github.com/coder/coder/v2 (Go) Aug 28, 2025
spikecurtis
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash Low
CVE-2025-55212 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
amethyst0225 leehohojune
jin-156
ImageMagick has a heap-buffer-overflow Low
GHSA-fff3-4rp7-px97 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
hardik05
ImageMagick has a Memory Leak in magick stream Low
CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip YutoIn
iwashiira utshina
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename Low
CVE-2025-53014 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip iwashiira
utshina on-keyday
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database