GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,487 advisories

Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter Moderate
CVE-2025-62253 was published for com.liferay:com.liferay.layout.admin.web (Maven) Oct 27, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
Credited to masasron
Wasmtime vulnerable to segfault when using component resources Low
CVE-2025-62711 was published for wasmtime (Rust) Oct 27, 2025
Credited to alexcrichton
BBOT's gitlab.py exposes globally configured "gitlab" API key Moderate
CVE-2025-10282 was published for bbot (pip) Oct 27, 2025
Credited to justinsteven
InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement Moderate
CVE-2025-62782 was published for de.themoep:inventorygui (Maven) Oct 27, 2025
InventoryGui affected by item duplication in GUIs which use GuiStorageElement Moderate
CVE-2025-62783 was published for de.themoep:inventorygui (Maven) Oct 27, 2025
Credited to FaMa91
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release Low
CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
Credited to aruneko
Apache Tomcat Vulnerable to Relative Path Traversal High
CVE-2025-55752 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
Credited to aruneko
pg8000 SQL injection vulnerability via a specially crafted Python list input High
CVE-2025-61385 was published for pg8000 (pip) Oct 27, 2025
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used High
CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
Credited to tjade273, daniel-weisse, msanft, and katexochen
LangGraph's SQLite store implementation has a SQL Injection Vulnerability High
CVE-2025-8709 was published for langgraph-checkpoint-sqlite (pip) Oct 26, 2025
Bouncy Castle Vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-12194 was published for org.bouncycastle:bc-fips (Maven) Oct 25, 2025
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass Moderate
GHSA-q7jf-gf43-6x6p was published for hono (npm) Oct 24, 2025
Rancher exposes sensitive information through audit logs Moderate
CVE-2024-58269 was published for github.com/rancher/rancher (Go) Oct 24, 2025
Karmada Dashboard API Unauthorized Access Vulnerability Critical
CVE-2025-62714 was published for github.com/karmada-io/dashboard (Go) Oct 24, 2025
Credited to warjiang, noxosd, and RainbowMango
Rancher user retains access to clusters despite Global Role removal Moderate
CVE-2023-32199 was published for github.com/rancher/rancher (Go) Oct 24, 2025
Liferay Portal ComboServlet denial of service via large file combination Moderate
CVE-2025-62254 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 24, 2025
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON High
CVE-2025-12044 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
MCMS reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-60837 was published for net.mingsoft:ms-mcms (Maven) Oct 23, 2025
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass High
CVE-2025-11621 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page Low
CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven) Oct 23, 2025
rollbar vulnerable to Prototype Pollution in merge() Moderate
CVE-2025-62517 was published for rollbar (npm) Oct 23, 2025
Credited to waltjones, brianr, and kiwi865
Piranha CMS vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2025-61413 was published for Piranha (NuGet) Oct 23, 2025
ProTip! Advisories are also available from the GraphQL API