Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,668 advisories

Loading
SQL Injection vulnerability in opentext Flipper allows SQL Injection.  The vulnerability could... Low Unreviewed
CVE-2025-8052 was published Oct 20, 2025
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting... Low Unreviewed
CVE-2025-8053 was published Oct 20, 2025
rollbar vulnerable to prototype pollution Low
CVE-2025-57325 was published for rollbar (npm) Oct 20, 2025
waltjones brianr
Credited to waltjones and brianr
TastyIgniter vulnerable to Cross-Site Scripting Low
CVE-2025-61417 was published for tastyigniter/tastyigniter (Composer) Oct 20, 2025
Tileservice module is affected by information leak vulnerability, successful exploitation of this... Low Unreviewed
CVE-2025-57837 was published Oct 20, 2025
A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the... Low Unreviewed
CVE-2025-11947 was published Oct 20, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62654 was published Oct 18, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Low Unreviewed
CVE-2025-62655 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62653 was published Oct 18, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits... Low Unreviewed
CVE-2025-62643 was published Oct 17, 2025
Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module Low
CVE-2025-62505 was published for @lobehub/chat (npm) Oct 17, 2025
im-soohyun
Credited to im-soohyun
radare2 v5.9.8 and before contains a memory leak in the function bochs_open. Low Unreviewed
CVE-2025-60361 was published Oct 17, 2025
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init. Low Unreviewed
CVE-2025-60360 was published Oct 17, 2025
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to... Low Unreviewed
CVE-2025-11896 was published Oct 17, 2025
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability Low
CVE-2025-62412 was published for librenms/librenms (Composer) Oct 16, 2025
zdi-disclosures
Credited to zdi-disclosures
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice Low
CVE-2025-61924 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability Low
CVE-2025-61581 was published for github.com/apache/trafficcontrol/v8 (Go) Oct 16, 2025
Mattermost has an Observable Timing Discrepancy vulnerability Low
CVE-2025-54499 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has an Incorrect Authorization vulnerability Low
CVE-2025-10545 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails Low
CVE-2025-62380 was published for mailgen (npm) Oct 15, 2025
edoardottt
Credited to edoardottt
Applications using affected versions of Ehcache 3.x can experience degraded cache-write... Low Unreviewed
CVE-2025-2529 was published Oct 15, 2025
reflex-dev/reflex has an Open Redirect vulnerability Low
CVE-2025-62379 was published for reflex (pip) Oct 15, 2025
im-soohyun
Credited to im-soohyun
An improper certificate validation vulnerability was reported in the Lenovo Universal Device... Low Unreviewed
CVE-2025-6026 was published Oct 15, 2025
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful... Low Unreviewed
CVE-2025-56746 was published Oct 15, 2025
Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site (... Low Unreviewed
CVE-2025-54196 was published Oct 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database