GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,933
Erlang: 39
GitHub Actions: 38
Go: 2,595
Maven: 5,000+
npm: 4,247
NuGet: 754
pip: 4,013
Pub: 12
RubyGems: 953
Rust: 1,048
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
140,605 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... | Moderate | Unreviewed | CVE-2025-10727 was published Oct 23, 2025
LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly... | Moderate | Unreviewed | CVE-2025-62813 was published Oct 23, 2025
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of... | Moderate | Unreviewed | CVE-2025-62499 was published Oct 23, 2025
Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged... | Moderate | Unreviewed | CVE-2025-48430 was published Oct 23, 2025
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary... | Moderate | Unreviewed | CVE-2025-62820 was published Oct 23, 2025
GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert... | Moderate | Unreviewed | CVE-2025-54806 was published Oct 23, 2025
Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If... | Moderate | Unreviewed | CVE-2025-54856 was published Oct 23, 2025
Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a... | Moderate | Unreviewed | CVE-2025-41402 was published Oct 23, 2025
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre... | Moderate | Unreviewed | CVE-2025-35981 was published Oct 23, 2025
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could... | Moderate | Unreviewed | CVE-2025-48428 was published Oct 23, 2025
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems... | Moderate | Unreviewed | CVE-2025-58712 was published Oct 22, 2025
Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS) | Moderate | CVE-2025-62248 was published for com.liferay:com.liferay.dynamic.data.mapping.web (Maven) Oct 22, 2025
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to... | Moderate | Unreviewed | CVE-2022-49584 was published Oct 22, 2025
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use... | Moderate | Unreviewed | CVE-2022-49562 was published Oct 22, 2025
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/lbr: Fix... | Moderate | Unreviewed | CVE-2022-49565 was published Oct 22, 2025
OpenBao and Vault Leak []byte Fields in Audit Logs | Moderate | CVE-2025-62705 was published for github.com/openbao/openbao (Go) Oct 22, 2025
pypdf can exhaust RAM via manipulated LZWDecode streams | Moderate | CVE-2025-62708 was published for pypdf (pip) Oct 22, 2025
pypdf possibly loops infinitely when reading DCT inline images without EOF marker | Moderate | CVE-2025-62707 was published for pypdf (pip) Oct 22, 2025
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories | Moderate | CVE-2025-11965 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
OpenBao leaks HTTPRawBody in Audit Logs | Moderate | CVE-2025-62513 was published for github.com/openbao/openbao (Go) Oct 22, 2025
NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could... | Moderate | Unreviewed | CVE-2025-23299 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... | Moderate | Unreviewed | CVE-2025-22175 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... | Moderate | Unreviewed | CVE-2025-22168 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... | Moderate | Unreviewed | CVE-2025-22176 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the... | Moderate | Unreviewed | CVE-2025-22171 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API.