GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10,952 advisories
Directus Vulnerable to Information Leakage in Existing Collections
Moderate
CVE-2025-64749
was published
for
@directus/api
(npm)
Nov 13, 2025
Directus's conceal fields are searchable if read permissions enabled
Moderate
CVE-2025-64748
was published
for
@directus/api
(npm)
Nov 13, 2025
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Moderate
CVE-2025-64716
was published
for
github.com/TecharoHQ/anubis
(Go)
Oct 30, 2025
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Moderate
CVE-2025-64432
was published
for
kubevirt.io/kubevirt
(Go)
Nov 6, 2025
MantisBT unauthorized disclosure of private project column configuration
Moderate
CVE-2025-62520
was published
for
mantisbt/mantisbt
(Composer)
Nov 3, 2025
Soft Serve does not sanitize ANSI escape sequences in user input
Moderate
CVE-2025-64494
was published
for
github.com/charmbracelet/soft-serve
(Go)
Nov 6, 2025
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Moderate
CVE-2025-64436
was published
for
github.com/kubevirt/kubevirt
(Go)
Nov 6, 2025
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Moderate
CVE-2025-64435
was published
for
github.com/kubevirt/kubevirt
(Go)
Nov 6, 2025
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
Moderate
CVE-2025-64434
was published
for
kubevirt.io/kubevirt
(Go)
Nov 6, 2025
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability
Moderate
CVE-2025-54656
was published
for
org.apache.struts:struts-extras
(Maven)
Jul 30, 2025
Directus is Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-64747
was published
for
directus
(npm)
Nov 14, 2025
Directus has Improper Permission Handling on Deleted Fields
Moderate
CVE-2025-64746
was published
for
directus
(npm)
Nov 14, 2025
Shopware 6's password recovery link does not expire after email change
Moderate
GHSA-2w46-vq8h-98vh
was published
for
shopware/core
(Composer)
Nov 14, 2025
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Moderate
CVE-2025-64714
was published
for
privatebin/privatebin
(Composer)
Nov 14, 2025
ProTip!
Advisories are also available from the
GraphQL API