Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,933
Erlang
39
GitHub Actions
38
Go
2,595
Maven
5,000+
npm
4,247
NuGet
754
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,360 advisories

Loading
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov cr-tk
Credited to emostov and cr-tk
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery High
CVE-2025-59419 was published for io.netty:netty-codec-smtp (Maven) Oct 15, 2025
DepthFirstDisclosures
Credited to DepthFirstDisclosures
Apache Spark has Inadequate Encryption Strength Moderate
CVE-2025-55039 was published for org.apache.spark:spark-network-common_2.12 (Maven) Oct 15, 2025
Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs Moderate
CVE-2025-62374 was published for parse (npm) Oct 14, 2025
Moumouls mtrezza
Credited to Moumouls and mtrezza
Magento vulnerable to stored Cross-Site Scripting (XSS) Moderate
CVE-2025-54266 was published for magento/community-edition (Composer) Oct 14, 2025
Magento vulnerable to privilege escalation due to incorrect authorization Moderate
CVE-2025-54267 was published for magento/community-edition (Composer) Oct 14, 2025
Magento provides incorrect authorization through a security feature bypass High
CVE-2025-54263 was published for magento/community-edition (Composer) Oct 14, 2025
Magento allows incorrect authorization Moderate
CVE-2025-54265 was published for magento/community-edition (Composer) Oct 14, 2025
Magento vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2025-54264 was published for magento/community-edition (Composer) Oct 14, 2025
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages High
CVE-2025-34267 was published for flowise (npm) Oct 14, 2025
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Critical
CVE-2025-55315 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Oct 14, 2025
victorisr udlose
Credited to victorisr and udlose
CometBFT's invalid BitArray handling can lead to network halt High
GHSA-hrhf-2vcr-ghch was published for github.com/cometbft/cometbft (Go) Oct 14, 2025
whoismxuse
Credited to whoismxuse
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails Low
CVE-2025-62366 was published for mailgen (npm) Oct 14, 2025
edoardottt
Credited to edoardottt
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name High
CVE-2025-62172 was published for homeassistant (pip) Oct 14, 2025
pwnpanda
Credited to pwnpanda
Argo Workflow may expose artifact repository credentials High
CVE-2025-62157 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
r0binak
Credited to r0binak
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate Moderate
CVE-2025-59288 was published for playwright (npm) Oct 14, 2025
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Moderate
GHSA-987x-96fq-9384 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Oct 14, 2025 withdrawn
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability High
GHSA-q8g5-rw97-f55h was published for Microsoft.Build.Tasks.Core (NuGet) Oct 14, 2025 withdrawn
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun J1vvoo
Credited to im-soohyun and J1vvoo
Apache Geode web-api is vulnerable to Cross-site Scripting Moderate
CVE-2024-44088 was published for org.apache.geode:geode-web-api (Maven) Oct 14, 2025
Liferay has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-62251 was published for com.liferay:com.liferay.site.navigation.menu.item.asset.vocabulary (Maven) Oct 14, 2025
LibreNMS is vulnerable to Reflected-XSS in `report_this` function Moderate
CVE-2025-62365 was published for librenms/librenms (Composer) Oct 13, 2025
GatekeeperBuster
Credited to GatekeeperBuster
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database