Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,487 advisories

Loading
Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form Moderate
CVE-2025-64145 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
Jenkins Themis Plugin is missing a permission check Moderate
CVE-2025-64137 was published for org.jenkins-ci.plugins:themis (Maven) Oct 29, 2025
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files Moderate
CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64138 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax Moderate
CVE-2025-62798 was published for code16/sharp (Composer) Oct 29, 2025
robyfirnandoyusuf aguingand
Credited to robyfirnandoyusuf and aguingand
NextAuthjs Email misdelivery Vulnerability Moderate
GHSA-5jpx-9hw9-2fx4 was published for next-auth (npm) Oct 29, 2025
rootxjs
Credited to rootxjs
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate
CVE-2025-12058 was published for keras (pip) Oct 29, 2025
Consul key/value endpoint is vulnerable to denial of service Moderate
CVE-2025-11374 was published for github.com/hashicorp/consul (Go) Oct 28, 2025
Consul event endpoint is vulnerable to denial of service Moderate
CVE-2025-11375 was published for github.com/hashicorp/consul (Go) Oct 28, 2025
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` High
CVE-2025-62727 was published for starlette (pip) Oct 28, 2025
ch4n3-yoon
Credited to ch4n3-yoon
PrivateBin is missing HTML sanitization of attached filename in file size hint Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
Contrast has insecure LUKS2 persistent storage partitions may be opened and used Moderate
GHSA-f5p4-p5q5-jv3h was published for github.com/edgelesssys/contrast (Go) Oct 28, 2025
katexochen tjade273
Credited to katexochen and tjade273
InventoryGui allows item duplication in GUIs which use GuiStorageElement Moderate
CVE-2025-62784 was published for de.themoep:inventorygui (Maven) Oct 28, 2025
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS High
CVE-2025-59837 was published for astro (npm) Oct 28, 2025
everping GeneralZero
Credited to everping and GeneralZero
Silver has unrestricted traffic between Wireguard clients Moderate
CVE-2025-27093 was published for github.com/bishopfox/sliver (Go) Oct 28, 2025
catmandx
Credited to catmandx
Keycloak vulnerable to session takeovers due to reuse of session identifiers Moderate
CVE-2025-12390 was published for org.keycloak:keycloak-services (Maven) Oct 28, 2025
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP) Moderate
CVE-2025-62171 was published for Magick.NET-Q16-AnyCPU (NuGet) Oct 28, 2025
wooseokdotkim
Credited to wooseokdotkim
Keycloak allows access to admin path through flaw Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025
Liferay Portal Vulnerable to DoS via Crafted Headless API Request High
CVE-2025-62260 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Liferay Portal Does Not Limit Access to APIs Before Email Verification Moderate
CVE-2025-62259 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Liferay Portal Vulnerable to CSRF in Headless APIs High
CVE-2025-62258 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Liferay Portal Stores Password Reset Tokens in Plain Text Moderate
CVE-2025-62261 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 28, 2025
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS) Moderate
CVE-2025-62594 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Oct 27, 2025
amethyst0225 jin-156
hanbunny yosiimich
Credited to amethyst0225, jin-156, hanbunny, and yosiimich
Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature Moderate
CVE-2025-62262 was published for com.liferay:com.liferay.portal.security.ldap.impl (Maven) Oct 27, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-62263 was published for com.liferay:com.liferay.account.admin.web (Maven) Oct 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database