Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,715 advisories

Loading
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor... Low Unreviewed
CVE-2025-8850 was published Oct 30, 2025
Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19... Low Unreviewed
CVE-2025-12517 was published Oct 30, 2025
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Low
GHSA-cf57-c578-7jvv was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
Byaidu PDFMathTranslate vulnerable to open redirect Low
CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some... Low Unreviewed
CVE-2025-10636 was published Oct 30, 2025
Drupal Umami Analytics allows Cross-Site Scripting (XSS) Low
CVE-2025-10931 was published for drupal/umami_analytics (Composer) Oct 30, 2025
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax... Low Unreviewed
CVE-2025-58183 was published Oct 30, 2025
LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability... Low Unreviewed
CVE-2025-11203 was published Oct 29, 2025
Keycloak allows access to admin path through flaw Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025
Wasmtime vulnerable to segfault when using component resources Low
CVE-2025-62711 was published for wasmtime (Rust) Oct 27, 2025
alexcrichton
Credited to alexcrichton
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release Low
CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless... Low Unreviewed
CVE-2025-26862 was published Oct 27, 2025
ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a... Low Unreviewed
CVE-2025-11248 was published Oct 27, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18... Low Unreviewed
CVE-2025-11989 was published Oct 27, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and... Low Unreviewed
CVE-2025-6601 was published Oct 27, 2025
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU... Low Unreviewed
CVE-2025-12221 was published Oct 25, 2025
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for... Low Unreviewed
CVE-2025-11888 was published Oct 25, 2025
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address... Low Unreviewed
CVE-2025-11244 was published Oct 25, 2025
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before... Low Unreviewed
CVE-2025-10723 was published Oct 24, 2025
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page Low
CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven) Oct 23, 2025
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in... Low Unreviewed
CVE-2025-1680 was published Oct 23, 2025
Liferay Portal and DXP are Missing Authorization in Collection Provider Low
CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) Oct 22, 2025
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names Low
CVE-2025-11966 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62659 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database