GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,182 advisories

Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification Moderate
CVE-2025-34469 was published for cowrie (pip) Dec 20, 2025
Credited to filippolauria
SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key Low
CVE-2025-15107 was published for github.com/actiontech/sqle (Go) Dec 27, 2025
fastapi-guard is vulnerable to ReDoS through inefficient regex Moderate
CVE-2025-53539 was published for fastapi-guard (pip) Jul 7, 2025
Credited to Cycloctane and rennf93
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload High
CVE-2025-69210 was published for facturascripts/facturascripts (Composer) Dec 30, 2025
Credited to vettrivel007
ImageMagick has a heap-buffer-overflow Low
CVE-2025-68469 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
Credited to hardik05
Composer is vulnerable to ANSI sequence injection Low
CVE-2025-67746 was published for composer/composer (Composer) Dec 30, 2025
Credited to cs278
NutzBoot Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-13806 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
phpMyFAQ has Stored XSS in user list via admin-managed display_name Moderate
CVE-2025-68951 was published for thorsten/phpmyfaq (Composer) Dec 29, 2025
Credited to eclipse07077-ljw
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts Low
CVE-2025-14986 was published for go.temporal.io/server (Go) Dec 30, 2025
Trix has a stored XSS vulnerability through its attachment attribute Moderate
GHSA-g9jg-w8vm-g96v was published for action_text-trix (RubyGems) Dec 31, 2025
serverless MCP Server vulnerable to Command Injection in list-projects tool High
CVE-2025-69256 was published for serverless (npm) Dec 31, 2025
Credited to dellalibera
Visual Studio Code Go extension has unexpected untrusted code execution Moderate
CVE-2025-68120 was published for github.com/golang/vscode-go (Go) Dec 30, 2025
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) Moderate
CVE-2024-6783 was published for vue-template-compiler (npm) Jul 23, 2024
Credited to sdesalas and knutwannheden
CBORDecoder reuse can leak shareable values across decode calls Moderate
CVE-2025-68131 was published for cbor2 (pip) Dec 31, 2025
Credited to andreer
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service Moderate
CVE-2024-12289 was published for github.com/hashicorp/boundary (Go) Dec 13, 2024
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
Credited to nandita-v
LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS High
CVE-2025-12183 was published for at.yawk.lz4:lz4-java (Maven) Nov 28, 2025
Credited to Marcono1234 and pjfanning
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
Credited to littledivy and 0f-0b
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash High
CVE-2023-7332 was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
Credited to dktapps
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write High
CVE-2025-68697 was published for n8n (npm) Dec 26, 2025
Credited to berkdedekarginoglu
Libredesk has Improper Neutralization of HTML Tags in a Web Page High
CVE-2025-68927 was published for github.com/abhinavxd/libredesk (Go) Dec 16, 2025
Credited to PlayerIUnknown
theshit vulnerable to unsafe loading of user-owned Python rules when running as root Moderate
CVE-2025-69257 was published for theshit (Rust) Dec 30, 2025
Credited to AsfhtgkDavid
ImageMagick's failure to limit MVG mutual causes Stack Overflow Moderate
CVE-2025-68950 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 30, 2025
Credited to ylwango613
RustFS has a gRPC Hardcoded Token Authentication Bypass Critical
CVE-2025-68926 was published for rustfs (Rust) Dec 30, 2025
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack Moderate
CVE-2025-68618 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 30, 2025
Credited to ylwango613