Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,904 advisories

Loading
Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark Moderate
CVE-2025-9862 was published for ghost (npm) Sep 15, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Flowise has arbitrary file access due to missing chat flow id validation Critical
GHSA-q67q-549q-p849 was published for flowise (npm) Sep 15, 2025
rpie9
Flowise has an Arbitrary File Read Critical
GHSA-99pg-hqvx-r4gf was published for flowise (npm) Sep 15, 2025
dwbzn
Flowise has Remote Code Execution vulnerability Critical
GHSA-3gcm-f6qx-ff7p was published for flowise (npm) Sep 15, 2025
im-soohyun
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability High
GHSA-hr92-4q35-4j3m was published for flowise (npm) Sep 15, 2025
im-soohyun
FlowiseAI Pre-Auth Arbitrary Code Execution Critical
GHSA-7944-7c6r-55vv was published for flowise (npm) Sep 15, 2025
Dipper37701
Liferay Portal has External Control of System or Configuration Settings Low
CVE-2025-43792 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Sep 15, 2025
Liferay Portal has Improper Validation of Specified Quantity in Input Moderate
CVE-2025-43793 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 15, 2025
Liferay Portal vulnerable to Cross-site Scripting Moderate
CVE-2025-43791 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025
Apache Fory Deserialization of Untrusted Data vulnerability Moderate
CVE-2025-59328 was published for org.apache.fory:fory-core (Maven) Sep 15, 2025
FUSE-Rust: Uninitalized memory read and leak caused by fuser crate High
GHSA-cvmj-47v9-35m9 was published for fuser (Rust) Sep 15, 2025
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter Moderate
CVE-2025-58177 was published for n8n (npm) Sep 15, 2025
pfelilpe 5h0lm3s
Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults High
CVE-2025-54588 was published for github.com/envoyproxy/envoy (Go) Sep 15, 2025
agrawroh yanavlasov
phlax botengyao
Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden High
CVE-2025-48042 was published for ash (Erlang) Sep 15, 2025
zachdaniel maennchen
Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2025-8396 was published for go.temporal.io/server (Go) Sep 15, 2025
mcp-kubernetes-server has a Command Injection vulnerability Low
CVE-2025-59376 was published for mcp-kubernetes-server (pip) Sep 15, 2025
mcp-kubernetes-server has an OS Command Injection vulnerability Low
CVE-2025-59377 was published for mcp-kubernetes-server (pip) Sep 15, 2025
serde_yml crate is unsound and unmaintained Moderate
GHSA-hhw4-xg65-fp2x was published for serde_yml (Rust) Sep 15, 2025
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained High
GHSA-gfxp-f68g-8x78 was published for libyml (Rust) Sep 15, 2025
MetaMask SDK indirectly exposed via malicious [email protected] dependency Moderate
GHSA-qj3p-xc97-xw74 was published for @metamask/sdk (npm) Sep 15, 2025
fast-able is vulnerable to DoS attack through insecure method High
GHSA-95hm-pr6q-298w was published for fast-able (Rust) Sep 15, 2025
Mattermost makes Use of Weak Hash Moderate
CVE-2025-9078 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Liferay Portal has stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43794 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 15, 2025
Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function High
CVE-2025-59358 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database