Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,744 advisories

Loading
memos vulnerability allows the creation of arbitrary accounts High
CVE-2025-65795 was published for github.com/usememos/memos (Go) Dec 8, 2025
memos lacks file name validation or verification Moderate
CVE-2025-65799 was published for github.com/usememos/memos (Go) Dec 8, 2025
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login Critical
CVE-2025-67494 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish livio-a
Credited to amit-laish and livio-a
ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login High
GHSA-pfrf-9r5f-73f5 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish peintnermax
livio-a
Credited to amit-laish, peintnermax, and livio-a
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login High
CVE-2025-67495 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish peintnermax
livio-a
Credited to amit-laish, peintnermax, and livio-a
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers High
GHSA-m6wq-66p2-c8pc was published for github.com/babylonlabs-io/babylon (Go) Dec 8, 2025
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond Moderate
GHSA-4rmq-mc2c-r495 was published for github.com/babylonlabs-io/babylon (Go) Dec 9, 2025
RCE via ZipSlip and symbolic links in argoproj/argo-workflows High
CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025
cristianstaicu meenakshisl
Credited to cristianstaicu and meenakshisl
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE High
CVE-2025-67488 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 9, 2025
MrRauL124
Credited to MrRauL124
SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin High
GHSA-4r66-7rcv-x46x was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 9, 2025
sebastianosrt
Credited to sebastianosrt
CNA Plugins Portmap nftables backend can intercept non-local traffic Moderate
CVE-2025-67499 was published for github.com/containernetworking/plugins (Go) Dec 9, 2025
agusdallalba champtar
Credited to agusdallalba and champtar
OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs Moderate
GHSA-mjcp-gpgx-ggcg was published for github.com/opentofu/opentofu (Go) Dec 9, 2025
Gogs vulnerable to a bypass of CVE-2024-55947 High
CVE-2025-8110 was published for gogs.io/gogs (Go) Dec 10, 2025
Miniflux has an Open Redirect via protocol-relative redirect_url Low
CVE-2025-67713 was published for miniflux.app/v2 (Go) Dec 10, 2025
satoki
Credited to satoki
Zitadel Discloses the Total Number of Instance Users Moderate
CVE-2025-67717 was published for github.com/zitadel/zitadel (Go) Dec 10, 2025
IAM-marco livio-a
Credited to IAM-marco and livio-a
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality High
CVE-2025-34410 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
Algernon Cross-Site Scripting vulnerability Moderate
CVE-2025-65754 was published for github.com/xyproto/algernon (Go) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality High
CVE-2025-34429 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality Moderate
CVE-2025-34430 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database