Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

8,545 advisories

Loading
Liferay Portal Vulnerable to CSRF in Headless APIs High
CVE-2025-62258 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Liferay Portal Vulnerable to DoS via Crafted Headless API Request High
CVE-2025-62260 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
Apache Tomcat Vulnerable to Relative Path Traversal High
CVE-2025-55752 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
pg8000 SQL injection vulnerability via a specially crafted Python list input High
CVE-2025-61385 was published for pg8000 (pip) Oct 27, 2025
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used High
CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
tjade273 daniel-weisse
msanft katexochen
Credited to tjade273, daniel-weisse, msanft, and katexochen
LangGraph's SQLite store implementation has a SQL Injection Vulnerability High
CVE-2025-8709 was published for langgraph-checkpoint-sqlite (pip) Oct 26, 2025
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON High
CVE-2025-12044 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass High
CVE-2025-11621 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
Kottster app reinitialization can be re-triggered allowing command injection in development mode High
CVE-2025-62713 was published for @kottster/server (npm) Oct 23, 2025
P0cas
Credited to P0cas
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method High
CVE-2025-59048 was published for github.com/openbao/openbao-plugins (Go) Oct 23, 2025
pkarakal
Credited to pkarakal
Moodle vulnerable to brute-force password guesses High
CVE-2025-62399 was published for moodle/moodle (Composer) Oct 23, 2025
binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref High
GHSA-wwxp-hxh6-8gf8 was published for binary_vec_io (Rust) Oct 22, 2025
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server High
CVE-2025-62611 was published for aiomysql (pip) Oct 22, 2025
KonstantAnxiety
Credited to KonstantAnxiety
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
Hono Improper Authorization vulnerability High
CVE-2025-62610 was published for hono (npm) Oct 22, 2025
okazu-dm
Credited to okazu-dm
NeuVector telemetry sender is vulnerable to MITM and DoS High
CVE-2025-54470 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev
Credited to mmalesev
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw tycho
azenla anners mnm678 zanieb
Credited to woodruffw, tycho, azenla, anners, mnm678, and zanieb
Taguette password reset link poisoning High
CVE-2025-62527 was published for taguette (pip) Oct 20, 2025
emilvirkki
Credited to emilvirkki
Apache Syncope allows malicious administrators to inject Groovy code High
CVE-2025-57738 was published for org.apache.syncope.core:syncope-core-spring (Maven) Oct 20, 2025
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system High
CVE-2025-47410 was published for org.apache.geode:geode-web (Maven) Oct 18, 2025
Ash has authorization bypass when bypass policy condition evaluates to true High
CVE-2025-48044 was published for ash (Erlang) Oct 17, 2025
jechol maennchen
zachdaniel
Credited to jechol, maennchen, and zachdaniel
OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests High
CVE-2025-59043 was published for github.com/openbao/openbao (Go) Oct 17, 2025
phil9909
Credited to phil9909
Git LFS may write to arbitrary files via crafted symlinks High
CVE-2025-26625 was published for github.com/git-lfs/git-lfs (Go) Oct 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database