GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11,183 advisories
CBORDecoder reuse can leak shareable values across decode calls
Moderate
CVE-2025-68131
was published
for
cbor2
(pip)
Dec 31, 2025
theshit vulnerable to unsafe loading of user-owned Python rules when running as root
Moderate
CVE-2025-69257
was published
for
theshit
(Rust)
Dec 30, 2025
ImageMagick's failure to limit MVG mutual causes Stack Overflow
Moderate
CVE-2025-68950
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 30, 2025
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack
Moderate
CVE-2025-68618
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 30, 2025
axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Moderate
CVE-2025-69202
was published
for
axios-cache-interceptor
(npm)
Dec 30, 2025
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Moderate
GHSA-6556-fwc2-fg2p
was published
for
picklescan
(pip)
Dec 30, 2025
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Moderate
GHSA-cffc-mxrf-mhh4
was published
for
picklescan
(pip)
Dec 29, 2025
phpMyFAQ has Stored XSS in user list via admin-managed display_name
Moderate
CVE-2025-68951
was published
for
thorsten/phpmyfaq
(Composer)
Dec 29, 2025
hemmelig allows SSRF Filter bypass via Secret Request functionality
Moderate
CVE-2025-69206
was published
for
hemmelig
(npm)
Dec 29, 2025
LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
Moderate
CVE-2025-68614
was published
for
librenms/librenms
(Composer)
Dec 23, 2025
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Moderate
CVE-2025-67743
was published
for
local-deep-research
(pip)
Dec 23, 2025
ProTip!
Advisories are also available from the
GraphQL API