GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10,560 advisories
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format
Moderate
CVE-2025-53622
was published
for
org.dspace:dspace-api
(Maven)
Jul 15, 2025
DSpace is vulnerable to XML External Entity injection during archive imports
Moderate
CVE-2025-53621
was published
for
org.dspace:dspace-api
(Maven)
Jul 15, 2025
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
Moderate
CVE-2025-53889
was published
for
directus
(npm)
Jul 15, 2025
Measured is vulnerable to Path Traversal attacks during class initialization
Moderate
GHSA-29g5-m8v7-v564
was published
for
measured
(RubyGems)
Jul 15, 2025
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged
Moderate
CVE-2025-48795
was published
for
org.apache.cxf:cxf-core
(Maven)
Jul 15, 2025
Directus' exact version number is exposed by the OpenAPI Spec
Moderate
CVE-2025-53887
was published
for
directus
(npm)
Jul 15, 2025
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
Moderate
CVE-2025-53886
was published
for
directus
(npm)
Jul 15, 2025
Indico vulnerability allows attackers to bulk dump user details
Moderate
CVE-2025-53640
was published
for
indico
(pip)
Jul 14, 2025
Better Call routing bug can lead to Cache Deception
Moderate
GHSA-hq75-xg7r-rx6c
was published
for
better-call
(npm)
Jul 11, 2025
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON
Moderate
CVE-2025-53864
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Jul 11, 2025
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Moderate
CVE-2025-53506
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Jul 10, 2025
ProTip!
Advisories are also available from the
GraphQL API