GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10,560 advisories
OpenFGA Authorization Bypass
Moderate
CVE-2025-48371
was published
for
github.com/openfga/openfga
(Go)
May 23, 2025
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
Moderate
CVE-2025-48378
was published
for
DotNetNuke.Core
(NuGet)
May 23, 2025
Reflected Cross-Site Scripting (XSS) in module actions in edit mode
Moderate
CVE-2025-48377
was published
for
DotNetNuke.Core
(NuGet)
May 23, 2025
Insufficient input sanitization in ejson2env
Moderate
CVE-2025-48069
was published
for
ejson2env
(RubyGems)
May 21, 2025
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
Moderate
CVE-2025-47291
was published
for
github.com/containerd/containerd/v2
(Go)
May 21, 2025
Character injection in Hubble CLI
Moderate
CVE-2025-48056
was published
for
github.com/cilium/hubble
(Go)
May 21, 2025
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
Moderate
CVE-2025-47939
was published
for
typo3/cms-core
(Composer)
May 20, 2025
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Moderate
CVE-2025-47946
was published
for
symfony/ux-live-component
(Composer)
May 19, 2025
Cocotais Bot has builtin .echo command injection
Moderate
CVE-2025-47948
was published
for
cocotais-bot
(npm)
May 19, 2025
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Moderate
CVE-2025-32962
was published
for
flask-appbuilder
(pip)
May 16, 2025
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
Moderate
CVE-2024-11718
was published
for
couleurcitron/tarteaucitron-wp
(Composer)
May 15, 2025
ProTip!
Advisories are also available from the
GraphQL API