Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

10,902 advisories

Loading
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter Moderate
CVE-2025-62264 was published for com.liferay.portal:release.portal.bom (Maven) Oct 31, 2025
Rancher exposes sensitive information through audit logs Moderate
CVE-2024-58269 was published for github.com/rancher/rancher (Go) Oct 24, 2025
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing Moderate
CVE-2025-11226 was published for ch.qos.logback:logback-core (Maven) Oct 1, 2025
chrismcmacken
Credited to chrismcmacken
cryptidy allows code execution via untrusted data due to pickle.loads Moderate
CVE-2025-63675 was published for cryptidy (pip) Oct 31, 2025
Liferay Portal is vulnerable to XSS in the Blogs widget Moderate
CVE-2025-62265 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Liferay Portal is vulnerable to DNS rebinding attacks Moderate
CVE-2025-62266 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Ansible does not collect garbage after playbook run Moderate
CVE-2020-25635 was published for ansible (pip) Oct 31, 2025
messageformat prototype pollution vulnerability Moderate
CVE-2025-57353 was published for @messageformat/runtime (npm) Sep 24, 2025
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS) Moderate
CVE-2025-62594 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Oct 27, 2025
amethyst0225 jin-156
hanbunny yosiimich
Credited to amethyst0225, jin-156, hanbunny, and yosiimich
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite Moderate
CVE-2025-27794 was published for flarum/core (Composer) Mar 12, 2025
novacuum imorland
exside
Credited to novacuum, imorland, and exside
node-tar has a race condition leading to uninitialized memory exposure Moderate
CVE-2025-64118 was published for tar (npm) Oct 30, 2025
ChALkeR
Credited to ChALkeR
NeuVector is shipping cryptographic material into its binary Moderate
CVE-2025-54471 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev
Credited to mmalesev
Drupal JSON Field is vulnerable to XSS Moderate
CVE-2025-10926 was published for drupal/json_field (Composer) Oct 30, 2025
Drupal Plausible tracking is vulnerable to XSS Moderate
CVE-2025-10927 was published for drupal/plausible_tracking (Composer) Oct 30, 2025
Apache Airflow's create action can upsert existing Pools/Connections/Variables Moderate
CVE-2025-62503 was published for apache-airflow (pip) Oct 30, 2025
Apache Airflow has a command injection vulnerability in "example_dag_decorator" Moderate
CVE-2025-54941 was published for apache-airflow (pip) Oct 30, 2025
Apache Airflow `/api/v2/dagReports` executes DAG Python in API Moderate
CVE-2025-62402 was published for apache-airflow (pip) Oct 30, 2025
Liferay Portal vulnerable to password enumeration Moderate
CVE-2025-62257 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Drupal CivicTheme Design System allows Cross-Site Scripting (XSS) Moderate
CVE-2025-12083 was published for drupal/civictheme (Composer) Oct 30, 2025
Drupal Currency allows Cross Site Request Forgery Moderate
CVE-2025-10930 was published for drupal/currency (Composer) Oct 30, 2025
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables Moderate
CVE-2025-10929 was published for drupal/reverse_proxy_header (Composer) Oct 30, 2025
Drupal Access code allows Brute Force Attempts Moderate
CVE-2025-10928 was published for drupal/access_code (Composer) Oct 30, 2025
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd Moderate
CVE-2025-7195 was published for github.com/operator-framework/operator-sdk (Go) Aug 7, 2025
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th G-Rath
Credited to R4356th and G-Rath
OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability Moderate
GHSA-grjp-54v3-c442 was published for usd-core (pip) Oct 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database