Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,863 advisories

Loading
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function Low
CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025
TechPizzaDev
Credited to TechPizzaDev
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a... Low Unreviewed
CVE-2025-12954 was published Dec 3, 2025
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local... Low Unreviewed
CVE-2025-13640 was published Dec 2, 2025
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is... Low Unreviewed
CVE-2025-9799 was published Dec 2, 2025
Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments Low
GHSA-644f-hrff-mf96 was published for @nocobase/auth (npm) Dec 2, 2025 withdrawn
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Low Unreviewed
CVE-2025-59700 was published Dec 2, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Low Unreviewed
CVE-2025-59696 was published Dec 2, 2025
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation Low
CVE-2025-65858 was published for calibreweb (pip) Dec 2, 2025
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13871 was published Dec 2, 2025
Mattermost fails to validate user permissions in Boards Low
CVE-2025-13870 was published for github.com/mattermost/mattermost (Go) Dec 2, 2025
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13872 was published Dec 2, 2025
In display, there is a possible out of bounds write due to a missing bounds check. This could... Low Unreviewed
CVE-2025-20769 was published Dec 2, 2025
Keycloak unable to restrict access to the admin console Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 2, 2025
maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe Low
GHSA-mj73-j457-8x9q was published for maxminddb (Rust) Dec 2, 2025
oschwald
Credited to oschwald
rtvm-interpreter lacks sufficient checks in public API Low
GHSA-pq5v-rwp8-p7gm was published for rtvm-interpreter (Rust) Dec 2, 2025
Better Auth affected by external request basePath modification DoS Low
GHSA-569q-mpph-wgww was published for better-auth (npm) Dec 1, 2025
goksan
Credited to goksan
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls Low
GHSA-rcmh-qjqh-p98v was published for nodemailer (npm) Dec 1, 2025
uko3211
Credited to uko3211
Spotipy has a XSS vulnerability in its OAuth callback server Low
CVE-2025-66040 was published for spotipy (pip) Dec 1, 2025
yueyueL
Credited to yueyueL
Withdrawn Advisory: express improperly controls modification of query properties Low
CVE-2024-51999 was published for express (npm) Dec 1, 2025 withdrawn
ctcpip wesleytodd
jonchurch bjohansebas UlisesGascon
Credited to ctcpip, wesleytodd, jonchurch, bjohansebas, and UlisesGascon
When loading a plist file, the plistlib module reads data in size specified by the file itself,... Low Unreviewed
CVE-2025-13837 was published Dec 1, 2025
Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information... Low Unreviewed
CVE-2025-13129 was published Dec 1, 2025
NutzBoot vulnerable to deserialization Low
CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
NutzBoot vulnerable to information disclosure Low
CVE-2025-13804 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
yungifez Skuul School Management System vulnerable to XSS via SVG Low
CVE-2025-13784 was published for yungifez/skuul (Composer) Nov 30, 2025
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images Low
CVE-2025-13785 was published for yungifez/skuul (Composer) Nov 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database