Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,114
NuGet
735
pip
3,934
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

8,308 advisories

Loading
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports High
GHSA-f7qq-56ww-84cr was published for picklescan (pip) Sep 10, 2025
davcohen
Webrecorder packages are vulnerable to XSS through 404 error handling logic High
CVE-2025-58765 was published for @webrecorder/archivewebpage (npm) Sep 10, 2025
Dedal0
Claude Code rg vulnerability does not protect against approval prompt bypass High
CVE-2025-58764 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
N8N's Chat Trigger component is vulnerable to XSS High
CVE-2025-56265 was published for @n8n/n8n-nodes-langchain (npm) Sep 8, 2025
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
Monai: Unsafe use of Pickle deserialization may lead to RCE High
CVE-2025-58757 was published for monai (pip) Sep 9, 2025
h3rrr
MONAI: Unsafe torch usage may lead to arbitrary code execution High
CVE-2025-58756 was published for monai (pip) Sep 9, 2025
h3rrr
MONAI does not prevent path traversal, potentially leading to arbitrary file writes High
CVE-2025-58755 was published for monai (pip) Sep 9, 2025
h3rrr
Maho is Vulnerable to Authenticated Remote Code Execution via File Upload High
CVE-2025-58449 was published for mahocommerce/maho (Composer) Sep 9, 2025
d-xuan
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware High
CVE-2025-59037 was published for @duckdb/duckdb-wasm (npm) Sep 9, 2025
TYPO3 Workspaces Module Information Disclosure High
CVE-2025-59018 was published for typo3/cms-workspaces (Composer) Sep 9, 2025
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload High
CVE-2025-58180 was published for octoprint (pip) Sep 9, 2025
prabhatverma47
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion High
CVE-2025-58063 was published for github.com/coredns/coredns (Go) Sep 9, 2025
thevilledev
toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor High
GHSA-pfp7-vxgr-83pw was published for toodee (Rust) Sep 9, 2025
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server High
CVE-2025-58444 was published for @modelcontextprotocol/inspector (npm) Sep 8, 2025
XWiki Blog Application: Privilege Escalation (PR) from account through blog content High
CVE-2025-58365 was published for org.xwiki.contrib.blog:application-blog-ui (Maven) Sep 8, 2025
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability High
CVE-2025-9636 was published for pgadmin4 (pip) Sep 5, 2025
TkEasyGUI Affected by Uncontrolled Search Path Element Issue High
CVE-2025-55671 was published for TkEasyGUI (pip) Sep 5, 2025
Coder vulnerable to privilege escalation could lead to a cross workspace compromise High
CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) Sep 5, 2025
johnstcn
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module High
CVE-2022-42121 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Inefficient Regular Expression Complexity in Liferay Portal High
CVE-2022-42124 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Path Traversal in Liferay Portal High
CVE-2022-42123 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database