Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

8,497 advisories

Loading
Mattermost has a Missing Authorization vulnerability High
CVE-2025-58075 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability High
CVE-2025-58073 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
OpenSearch Data Prepper plugins trust all SSL certificates by default High
CVE-2025-62371 was published for org.opensearch.dataprepper.plugins:opensearch (Maven) Oct 15, 2025
`sveltekit-superforms` has Prototype Pollution in `parseFormData` function of `formData.js` High
CVE-2025-62381 was published for sveltekit-superforms (npm) Oct 15, 2025
d-xuan
Credited to d-xuan
Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability High
CVE-2025-55247 was published for Microsoft.Build (NuGet) Oct 15, 2025
rbhanda
Credited to rbhanda
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov cr-tk
Credited to emostov and cr-tk
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery High
CVE-2025-59419 was published for io.netty:netty-codec-smtp (Maven) Oct 15, 2025
DepthFirstDisclosures
Credited to DepthFirstDisclosures
Magento vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2025-54264 was published for magento/community-edition (Composer) Oct 14, 2025
Magento provides incorrect authorization through a security feature bypass High
CVE-2025-54263 was published for magento/community-edition (Composer) Oct 14, 2025
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages High
CVE-2025-34267 was published for flowise (npm) Oct 14, 2025
CometBFT's invalid BitArray handling can lead to network halt High
GHSA-hrhf-2vcr-ghch was published for github.com/cometbft/cometbft (Go) Oct 14, 2025
whoismxuse
Credited to whoismxuse
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name High
CVE-2025-62172 was published for homeassistant (pip) Oct 14, 2025
pwnpanda
Credited to pwnpanda
Argo Workflow may expose artifact repository credentials High
CVE-2025-62157 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
r0binak
Credited to r0binak
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate High
CVE-2025-59288 was published for playwright (npm) Oct 14, 2025
JLLeitschuh
Credited to JLLeitschuh
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability High
GHSA-q8g5-rw97-f55h was published for Microsoft.Build.Tasks.Core (NuGet) Oct 14, 2025 withdrawn
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun J1vvoo
Credited to im-soohyun and J1vvoo
Omni vulnerable to information leak via API High
CVE-2025-61688 was published for github.com/siderolabs/omni (Go) Oct 13, 2025
utkuozdemir
Credited to utkuozdemir
llama-index has Insecure Temporary File High
CVE-2025-7707 was published for llama-index (pip) Oct 13, 2025
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High
CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High
CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025
maennchen zachdaniel
Credited to maennchen and zachdaniel
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Parallax is vulnerable to DoS via malicious p2p message High
GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) Oct 10, 2025
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool High
GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025
XlabAITeam
Credited to XlabAITeam
Bagisto is vulnerable to XSS through Admin Panel's product creation path High
CVE-2025-60880 was published for bagisto/bagisto (Composer) Oct 10, 2025
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database