GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,128
NuGet: 735
pip: 3,944
Pub: 12
RubyGems: 945
Rust: 1,024
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
293,074 advisories
SimpleXML has XML External Entity (XXE) vulnerability
Critical | CVE-2017-1000190 was published for org.simpleframework:simple-xml (Maven) | May 14, 2022

django CMS Cross-Site Scripting (XSS)
Moderate | CVE-2024-11319 was published for django-cms (pip) | Nov 18, 2024

Axios is vulnerable to DoS attack through lack of data size check
High | CVE-2025-58754 was published for axios (npm) | Sep 11, 2025

Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
Moderate | CVE-2025-6638 was published for transformers (pip) | Sep 12, 2025

serde_yml crate is unsound and unmaintained
Moderate | GHSA-hhw4-xg65-fp2x was published for serde_yml (Rust) | Sep 15, 2025

LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained
High | GHSA-gfxp-f68g-8x78 was published for libyml (Rust) | Sep 15, 2025

MetaMask SDK indirectly exposed via malicious [email protected] dependency
Moderate | GHSA-qj3p-xc97-xw74 was published for @metamask/sdk (npm) | Sep 15, 2025

Liferay Portal's selection modal is vulnerable to XSS
Moderate | CVE-2025-43787 was published for com.liferay:com.liferay.users.admin.web (Maven) | Sep 12, 2025

SimStudioAI: A function in route.ts is vulnerable to Code Injection
Moderate | CVE-2025-10097 was published for simstudio (npm) | Sep 8, 2025

Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution
Low | CVE-2025-43789 was published for com.liferay:com.liferay.comment.web (Maven) | Sep 12, 2025

Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect
Moderate | CVE-2025-43795 was published for com.liferay:com.liferay.configuration.admin.web (Maven) | Sep 12, 2025

Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack
High | CVE-2025-43796 was published for com.liferay:com.liferay.portal.vulcan.api (Maven) | Sep 12, 2025

Liferay Portal's Organization Selector exposes organization data to remote authenticated users
Moderate | CVE-2025-43788 was published for com.liferay:com.liferay.organizations.item.selector.web (Maven) | Sep 12, 2025

Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name
Moderate | CVE-2025-43782 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.integration.impl (Maven) | Sep 11, 2025

fast-able is vulnerable to DoS attack through insecure method
High | GHSA-95hm-pr6q-298w was published for fast-able (Rust) | Sep 15, 2025

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In...
Critical | Unreviewed | CVE-2025-59360 was published | Sep 15, 2025

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In...
Critical | Unreviewed | CVE-2025-59361 was published | Sep 15, 2025

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function...
Moderate | Unreviewed | CVE-2025-10442 was published | Sep 15, 2025

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and...
Moderate | Unreviewed | CVE-2025-43794 was published | Sep 15, 2025

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI...
Moderate | Unreviewed | CVE-2025-10440 was published | Sep 15, 2025

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1....
Moderate | Unreviewed | CVE-2025-10441 was published | Sep 15, 2025

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10...
Moderate | Unreviewed | CVE-2025-9078 was published | Sep 15, 2025

Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows...
Low | Unreviewed | CVE-2025-9084 was published | Sep 15, 2025

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without...
High | Unreviewed | CVE-2025-59358 was published | Sep 15, 2025

Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the...
High | Unreviewed | CVE-2025-9072 was published | Sep 15, 2025

ProTip! Advisories are also available from the GraphQL API.