Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,835 advisories

Loading
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 mwlik
httpsig-rs: HMAC verification is vulnerable to timing attack Moderate
CVE-2025-59058 was published for httpsig (Rust) Sep 12, 2025
rasendubi
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover Critical
CVE-2025-58434 was published for flowise (npm) Sep 12, 2025
zaddy6 arthurgervais
Neo4j Cypher MCP server is vulnerable to DNS rebinding High
CVE-2025-10193 was published for mcp-neo4j-cypher (pip) Sep 11, 2025
eharris128
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-7vm2-j586-vcvc was published for SurrealDB (Rust) Sep 11, 2025
kearfy
Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool Moderate
CVE-2025-56556 was published for intelliants/subrion (Composer) Sep 11, 2025
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar
Axios is vulnerable to DoS attack through lack of data size check High
CVE-2025-58754 was published for axios (npm) Sep 11, 2025
AmeerAssadi
Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass High
CVE-2025-43790 was published for com.liferay:com.liferay.object.service (Maven) Sep 11, 2025
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods Moderate
CVE-2025-58065 was published for flask-appbuilder (pip) Sep 11, 2025
Prebid-universal-creative latest on npm briefly compromised Critical
CVE-2025-59039 was published for prebid-universal-creative (npm) Sep 11, 2025
Prebid.js NPM package briefly compromised High
CVE-2025-59038 was published for prebid.js (npm) Sep 11, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin Low
CVE-2025-9910 was published for jsondiffpatch (npm) Sep 11, 2025
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage High
CVE-2025-59052 was published for @angular/platform-server (npm) Sep 10, 2025
alan-agius4 jelbourn
josephperrott thePunderWoman atscott jkrems
interactive-git-checkout has a Command Injection vulnerability Critical
CVE-2025-59046 was published for interactive-git-checkout (npm) Sep 10, 2025
lirantal
Liferay Portal's Incorrect Authorization vulnerability can lead to guest users to obtaining sensitive data Moderate
CVE-2025-43784 was published for com.liferay:com.liferay.headless.builder.impl (Maven) Sep 10, 2025
Liferay Portal is vulnerable to Reflected XSS attack through get_editor path Moderate
CVE-2025-43783 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Sep 10, 2025
Infrahub: Deleted and expired API tokens can still authenticate Moderate
CVE-2025-59036 was published for infrahub-server (pip) Sep 10, 2025
fatih-acar
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components High
GHSA-9v82-vcjx-m76j was published for shopware/core (Composer) Sep 10, 2025
xml2rfc is vulnerable to arbitrary file reads through prepped files High
GHSA-9mv7-3c64-mmqw was published for xml2rfc (pip) Sep 10, 2025
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
PyInstaller has local privilege escalation vulnerability High
CVE-2025-59042 was published for pyinstaller (pip) Sep 10, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
Indico vulnerable to Cross-Site Scripting via LaTeX math code Moderate
CVE-2025-59035 was published for indico (pip) Sep 10, 2025
ThiefMaster
Indico may disclose unauthorized user details access via legacy API Moderate
CVE-2025-59034 was published for indico (pip) Sep 10, 2025
inkz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database