Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,890
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,217
NuGet
745
pip
3,994
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,162 advisories

Loading
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE Critical
CVE-2025-10283 was published for bbot (pip) Oct 9, 2025
justinsteven
Credited to justinsteven
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver Moderate
CVE-2025-10281 was published for bbot (pip) Oct 9, 2025
justinsteven liquidsec
Credited to justinsteven and liquidsec
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE Critical
CVE-2025-10284 was published for bbot (pip) Oct 9, 2025
justinsteven liquidsec
TheTechromancer
Credited to justinsteven, liquidsec, and TheTechromancer
Amazon.IonDotnet is vulnerable to Denial of Service attacks High
CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025
Python Social Auth - Django has unsafe account association Moderate
CVE-2025-61783 was published for social-auth-app-django (pip) Oct 9, 2025
mel-mason vanya909
nijel
Credited to mel-mason, vanya909, and nijel
Better Auth: Unauthenticated API key creation through api-key plugin Critical
GHSA-99h5-pjcv-gr6v was published for better-auth (npm) Oct 9, 2025
etiennelunetta
Credited to etiennelunetta
Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers Moderate
CVE-2025-62228 was published for org.apache.flink:flink-cdc-pipeline-connectors (Maven) Oct 9, 2025
n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host High
GHSA-365g-vjw2-grx8 was published for n8n (npm) Oct 9, 2025
Flowise is vulnerable to arbitrary file write through its WriteFileTool Critical
CVE-2025-61913 was published for flowise (npm) Oct 9, 2025
XlabAITeam
Credited to XlabAITeam
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec
Credited to odaysec
scio is vunerable to Remote Command Execution through PyTorch Critical
GHSA-m9mp-6x32-5rhg was published for scio-pypi (pip) Oct 9, 2025
eliegoudout
Credited to eliegoudout
Keycloak Potential Variable Reference in Model Storage Services Moderate
CVE-2025-9162 was published for org.keycloak:keycloak-model-storage-services (Maven) Oct 8, 2025
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting Moderate
CVE-2025-61788 was published for org.opencastproject:opencast-common (Maven) Oct 8, 2025
miesgre
Credited to miesgre
FlowiseAI/Flosise has File Upload vulnerability High
CVE-2025-61687 was published for flowise (npm) Oct 8, 2025
im-soohyun
Credited to im-soohyun
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th
Credited to R4356th
Deno's --deny-read check does not prevent permission bypass Low
CVE-2025-61786 was published for deno (Rust) Oct 8, 2025
dellalibera
Credited to dellalibera
Synapse's invalid device keys degrade federation functionality Moderate
CVE-2025-61672 was published for matrix-synapse (pip) Oct 8, 2025
dkasak
Credited to dkasak
VaahCMS is vulnerable to XSS through its Avatar Upload endpoint Moderate
CVE-2025-61183 was published for webreinvent/vaahcms (Composer) Oct 8, 2025
Liferay Portal is vulnerable to Stored XSS through Forms text type field Moderate
CVE-2025-43830 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields Moderate
CVE-2025-43771 was published for com.liferay:com.liferay.flags.web (Maven) Oct 8, 2025
Liferay Portal Commerce Shop is vulnerable to Stored XSS through SVG file Moderate
CVE-2025-43829 was published for com.liferay.commerce:com.liferay.commerce.shop.by.diagram.web (Maven) Oct 8, 2025
Liferay Portal is vulnerable to XXS through its Commerce Product's Name text field Moderate
CVE-2025-43821 was published for com.liferay.commerce:com.liferay.commerce.product.service (Maven) Oct 8, 2025
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
Melis Platform CMS Unauthenticated Admin Account Creation Critical
CVE-2025-10352 was published for melisplatform/melis-core (Composer) Oct 8, 2025
ivansmc00
Credited to ivansmc00
Melis Platform CMS Unauthenticated File Upload Leading to RCE Critical
CVE-2025-10353 was published for melisplatform/melis-cms-slider (Composer) Oct 8, 2025
ivansmc00
Credited to ivansmc00
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database