GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
23,936 advisories
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
Moderate
CVE-2025-58162
was published
for
mobsf
(pip)
Sep 2, 2025
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
High
GHSA-fqqv-56h5-f57g
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 2, 2025
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
High
CVE-2025-57808
was published
for
esphome
(pip)
Sep 2, 2025
Local Deep Research's API keys are stored in plain text
Moderate
CVE-2025-57806
was published
for
local-deep-research
(pip)
Sep 2, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Moderate
CVE-2025-57752
was published
for
next
(npm)
Aug 29, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173
was published
for
next
(npm)
Aug 29, 2025
Next.js Improper Middleware Redirect Handling Leads to SSRF
Moderate
CVE-2025-57822
was published
for
next
(npm)
Aug 29, 2025
Tracing logging user input may result in poisoning logs with ANSI escape sequences
Low
CVE-2025-58160
was published
for
tracing-subscriber
(Rust)
Aug 29, 2025
Eventlet affected by HTTP request smuggling in unparsed trailers
Moderate
CVE-2025-58068
was published
for
eventlet
(pip)
Aug 29, 2025
Harness Allows Arbitrary File Write in Gitness LFS server
High
CVE-2025-58158
was published
for
github.com/harness/gitness
(Go)
Aug 29, 2025
Versity panic induced by AWS chunked data sent to port
High
GHSA-v2ch-c8v8-fgr7
was published
for
github.com/versity/versitygw
(Go)
Aug 29, 2025
Opencast has a partial path traversal vulnerability in UI config
Low
CVE-2025-55202
was published
for
org.opencastproject:opencast-user-interface-configuration
(Maven)
Aug 29, 2025
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
Low
CVE-2025-55304
was published
for
Exiv2
(pip)
Aug 29, 2025
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
Low
CVE-2025-54080
was published
for
Exiv2
(pip)
Aug 29, 2025
ProTip!
Advisories are also available from the
GraphQL API