GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,527 advisories
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
Critical
CVE-2025-67494
was published
for
github.com/zitadel/zitadel
(Go)
Dec 8, 2025
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical
CVE-2025-66568
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Next.js is vulnerable to RCE in React flight protocol
Critical
GHSA-9qr9-h5gf-34mp
was published
for
next
(npm)
Dec 3, 2025
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-66567
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Critical
CVE-2025-65964
was published
for
n8n
(npm)
Dec 8, 2025
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Critical
CVE-2025-66565
was published
for
github.com/gofiber/utils
(Go)
Dec 8, 2025
Emby Server API Vulnerability allowing to gain administrative access without precondition
Critical
CVE-2025-64113
was published
for
MediaBrowser.Server.Core
(NuGet)
Dec 8, 2025
React Server Components are Vulnerable to RCE
Critical
CVE-2025-55182
was published
for
react-server-dom-parcel
(npm)
Dec 3, 2025
Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Critical
CVE-2025-13828
was published
for
mautic/core
(Composer)
Dec 2, 2025
MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
Critical
CVE-2025-66401
was published
for
mcp-watch
(npm)
Dec 2, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Critical
CVE-2025-62593
was published
for
ray
(pip)
Nov 26, 2025
ProTip!
Advisories are also available from the
GraphQL API