GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,410 advisories
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Critical
CVE-2025-54127
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jul 21, 2025
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability
Critical
CVE-2025-54082
was published
for
manogi/nova-tiptap
(Composer)
Jul 21, 2025
form-data uses unsafe random function in form-data for choosing boundary
Critical
CVE-2025-7783
was published
for
form-data
(npm)
Jul 21, 2025
Livewire is vulnerable to remote command execution during component property update hydration
Critical
CVE-2025-54068
was published
for
livewire/livewire
(Composer)
Jul 17, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA
Critical
CVE-2025-53890
was published
for
pyload-ng
(pip)
Jul 15, 2025
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Critical
CVE-2025-53836
was published
for
org.xwiki.rendering:xwiki-rendering-transformation-macro
(Maven)
Jul 14, 2025
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
Critical
CVE-2025-53623
was published
for
job-iteration
(RubyGems)
Jul 14, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical
CVE-2025-53624
was published
for
docusaurus-plugin-content-gists
(npm)
Jul 9, 2025
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
Critical
CVE-2025-53620
was published
for
@builder.io/qwik-city
(npm)
Jul 9, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data
Critical
CVE-2025-32897
was published
for
org.apache.seata:seata-config-core
(Maven)
Jun 28, 2025
Gogs allows deletion of internal files which leads to remote command execution
Critical
CVE-2024-56731
was published
for
gogs.io/gogs
(Go)
Jun 24, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys
Critical
CVE-2025-6547
was published
for
pbkdf2
(npm)
Jun 23, 2025
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Critical
CVE-2025-6545
was published
for
pbkdf2
(npm)
Jun 23, 2025
rfc3161-client has insufficient verification for timestamp response signatures
Critical
CVE-2025-52556
was published
for
rfc3161-client
(pip)
Jun 20, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
Critical
CVE-2025-49132
was published
for
pterodactyl/panel
(Composer)
Jun 19, 2025
ProTip!
Advisories are also available from the
GraphQL API