Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,781
Maven
5,000+
npm
4,386
NuGet
772
pip
4,164
Pub
12
RubyGems
965
Rust
1,073
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,696 advisories

Loading
SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key Low
CVE-2025-15107 was published for github.com/actiontech/sqle (Go) Dec 27, 2025
ImageMagick has a heap-buffer-overflow Low
CVE-2025-68469 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
hardik05
Credited to hardik05
Composer is vulnerable to ANSI sequence injection Low
CVE-2025-67746 was published for composer/composer (Composer) Dec 30, 2025
cs278
Credited to cs278
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts Low
CVE-2025-14986 was published for go.temporal.io/server (Go) Dec 30, 2025
URI Credential Leakage Bypass over CVE-2025-27221 Low
CVE-2025-61594 was published for uri (RubyGems) Dec 30, 2025
Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host” Low
GHSA-mgr9-6c2j-jxrq was published for pterodactyl/panel (Composer) Dec 30, 2025
4rdr
Credited to 4rdr
Open redirect endpoint in Datasette Low
CVE-2025-64481 was published for datasette (pip) Nov 6, 2025
jamesjefferies
Credited to jamesjefferies
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. Low
CVE-2025-68940 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Piranha has stored cross-site scripting (XSS) vulnerability Low
CVE-2025-67291 was published for Piranha (NuGet) Dec 22, 2025
Piranha has stored cross-site scripting (XSS) vulnerability Low
CVE-2025-67290 was published for Piranha (NuGet) Dec 22, 2025
pretix has Broken Access Control Allowing Cross-User File Access via UUID Low
CVE-2025-14882 was published for pretix (pip) Dec 19, 2025
pretix has Broken Access Control Allowing Cross-User File Access via UUID Low
CVE-2025-14881 was published for pretix (pip) Dec 19, 2025
cap-std doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51756 was published for cap-async-std (Rust) Nov 5, 2024
nathaniel-daniel
Credited to nathaniel-daniel
Duplicate Advisory: Keycloak allows access to admin path through flaw Low
GHSA-c6cm-5gc7-c3f4 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025 withdrawn
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature Low
GHSA-24v3-254g-jv85 was published for @tutao/tutanota-utils (npm) Dec 19, 2025
Orejime has executable code in HTML attributes Low
CVE-2025-68457 was published for orejime (npm) Dec 19, 2025
Rudloff felixgirault
Credited to Rudloff and felixgirault
Mattermost Desktop App exposes sensitive information in its application logs Low
CVE-2025-13321 was published for mattermost-desktop (npm) Dec 17, 2025
Mattermost has missing redirect URL validation Low
CVE-2025-62690 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025
Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection Low
CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025
Weblate has improper validation upon invitation acceptance Low
CVE-2025-64725 was published for Weblate (pip) Dec 15, 2025
PyMdown Extensions has a ReDOS bug in its Figure Capture extension Low
CVE-2025-68142 was published for pymdown-extensions (pip) Dec 16, 2025
Mayan EDMS has an Open Redirect through the /authentication/ file Low
CVE-2025-14692 was published for mayan-edms (pip) Dec 15, 2025
Mayan EDMS is vulnerable to XSS through the /authentication/ file Low
CVE-2025-14691 was published for mayan-edms (pip) Dec 15, 2025
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images Low
CVE-2025-13785 was published for yungifez/skuul (Composer) Nov 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database