Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,825 advisories

Loading
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-7vm2-j586-vcvc was published for SurrealDB (Rust) Sep 11, 2025
kearfy
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar
Axios is vulnerable to DoS attack through lack of data size check High
CVE-2025-58754 was published for axios (npm) Sep 11, 2025
AmeerAssadi
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods Moderate
CVE-2025-58065 was published for flask-appbuilder (pip) Sep 11, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
metametadata
Next.js Improper Middleware Redirect Handling Leads to SSRF Moderate
CVE-2025-57822 was published for next (npm) Aug 29, 2025
medikoo
Next.js Content Injection Vulnerability for Image Optimization Moderate
CVE-2025-55173 was published for next (npm) Aug 29, 2025
kristianmagas medikoo
Prebid-universal-creative latest on npm briefly compromised Critical
CVE-2025-59039 was published for prebid-universal-creative (npm) Sep 11, 2025
Prebid.js NPM package briefly compromised High
CVE-2025-59038 was published for prebid.js (npm) Sep 11, 2025
Liferay Portal is vulnerable to XSS attacks via its remote app title field Moderate
CVE-2025-43775 was published for com.liferay:com.liferay.client.extension.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its search bar portlet Moderate
CVE-2025-43781 was published for com.liferay:com.liferay.portal.search.web (Maven) Sep 9, 2025
Liferay Portal exposes ERC which can lead to exploit the time response attack Moderate
CVE-2025-43786 was published for com.liferay:com.liferay.headless.admin.workflow.impl (Maven) Sep 9, 2025
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
Yuuki77 dblessing
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage High
CVE-2025-59052 was published for @angular/platform-server (npm) Sep 10, 2025
alan-agius4 jelbourn
josephperrott thePunderWoman atscott jkrems
YesWiki Cross Site Scripting vulnerability Moderate
CVE-2025-52277 was published for yeswiki/yeswiki (Composer) Sep 9, 2025
interactive-git-checkout has a Command Injection vulnerability Critical
CVE-2025-59046 was published for interactive-git-checkout (npm) Sep 10, 2025
lirantal
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
CVE-2025-59049 was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
Claude Code rg vulnerability does not protect against approval prompt bypass High
CVE-2025-58764 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
XWiki configuration files can be accessed through jsx and sx endpoints Critical
CVE-2025-55748 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Sep 3, 2025
XWiki configuration files can be accessed through the webjars API Critical
CVE-2025-55747 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven) Sep 3, 2025
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions Critical
CVE-2024-38002 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
TYPO3 CMS uses insufficient entropy when generating passwords Moderate
CVE-2025-59015 was published for typo3/cms-core (Composer) Sep 9, 2025
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.netty:netty-codec-http2 (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database