GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
301,090 advisories
Electron has ASAR Integrity Bypass via resource modification
Moderate. CVE-2025-55305 was published for electron (npm), Sep 3, 2025

Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
High. GHSA-ph6w-f82w-28w6 was published for @anthropic-ai/claude-code (npm), Sep 3, 2025

CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package
Low. CVE-2025-58064 was published for @ckeditor/ckeditor5-clipboard (npm), Sep 3, 2025

Netty's decoders vulnerable to DoS via zip bomb style attack
Moderate. CVE-2025-58057 was published for io.netty:netty-codec (Maven), Sep 3, 2025

XWiki configuration files can be accessed through jsx and sx endpoints
Critical. CVE-2025-55748 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven), Sep 3, 2025

XWiki configuration files can be accessed through the webjars API
Critical. CVE-2025-55747 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven), Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58607 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58614 was published Sep 3, 2025

Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting...
Moderate (Unreviewed). CVE-2025-58617 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58621 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58620 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58630 was published Sep 3, 2025

Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting...
Moderate (Unreviewed). CVE-2025-58622 was published Sep 3, 2025

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day &...
High (Unreviewed). CVE-2025-58642 was published Sep 3, 2025

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting...
Moderate (Unreviewed). CVE-2025-58639 was published Sep 3, 2025

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes –...
High (Unreviewed). CVE-2025-58643 was published Sep 3, 2025

Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server...
Moderate (Unreviewed). CVE-2025-58641 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58640 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58605 was published Sep 3, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High (Unreviewed). CVE-2025-58608 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58609 was published Sep 3, 2025

Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured...
Moderate (Unreviewed). CVE-2025-58603 was published Sep 3, 2025

Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly...
Moderate (Unreviewed). CVE-2025-58616 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58625 was published Sep 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate (Unreviewed). CVE-2025-58633 was published Sep 3, 2025

ProTip! Advisories are also available from the GraphQL API