Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
766
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

306,158 advisories

Loading
Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field Moderate
CVE-2025-43807 was published for com.liferay:com.liferay.change.tracking.service (Maven) Sep 22, 2025
Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-43808 was published for com.liferay.commerce:com.liferay.commerce.product.type.virtual.service (Maven) Sep 19, 2025
Liferay Portal CAPTCHA Bypass for Gogo Shell Moderate
CVE-2025-4604 was published for com.liferay:com.liferay.captcha.impl (Maven) Aug 5, 2025
Liferay Portal Reflected XSS in blogs-web Moderate
CVE-2025-4576 was published for com.liferay:com.liferay.blogs.web (Maven) Aug 8, 2025
NetBird uses a static initialization vector (IV) High
CVE-2024-41260 was published for github.com/netbirdio/netbird (Go) Aug 1, 2024
mlsmaycon
Credited to mlsmaycon
Apache CXF: Denial of Service vulnerability with temporary files High
CVE-2025-23184 was published for org.apache.cxf:cxf-core (Maven) Jan 21, 2025
OpenSearch is vulnerable to DoS via complex query_string inputs High
CVE-2025-9624 was published for org.opensearch:opensearch-common (Maven) Nov 25, 2025
RafSobol
Credited to RafSobol
Miniflux has an Open Redirect via protocol-relative redirect_url Moderate
CVE-2025-67713 was published for miniflux.app/v2 (Go) Dec 10, 2025
satoki
Credited to satoki
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer High
CVE-2025-67721 was published for io.airlift:aircompressor-v3 (Maven) Dec 12, 2025
kyakdan
Credited to kyakdan
Node-SAML SAML Authentication Bypass Critical
CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025
ahacker1-securesaml cjbarth
Credited to ahacker1-securesaml and cjbarth
ABP Account Module has an Open Redirect through Improper validation in its register function Moderate
CVE-2025-65581 was published for Volo.Abp.Account.Web (NuGet) Dec 16, 2025
systeminformation has a Command Injection vulnerability in fsSize() function on Windows High
CVE-2025-68154 was published for systeminformation (npm) Dec 16, 2025
yueyueL
Credited to yueyueL
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter High
CVE-2025-68150 was published for parse-server (npm) Dec 16, 2025
yueyueL mtrezza
Credited to yueyueL and mtrezza
Expr has Denial of Service via Unbounded Recursion in Builtin Functions High
CVE-2025-68156 was published for github.com/expr-lang/expr (Go) Dec 16, 2025
thevilledev
Credited to thevilledev
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint High
CVE-2025-68155 was published for @vitejs/plugin-rsc (npm) Dec 16, 2025
yueyueL
Credited to yueyueL
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser_0.25 (Maven) Jan 6, 2022
nrktkt
Credited to nrktkt
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler... Moderate Unreviewed
CVE-2025-64012 was published Dec 16, 2025
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version... Moderate Unreviewed
CVE-2025-65427 was published Dec 16, 2025
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator... Moderate Unreviewed
CVE-2025-46296 was published Dec 16, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-68068 was published Dec 16, 2025
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused... Critical Unreviewed
CVE-2025-46295 was published Dec 16, 2025
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS... Moderate Unreviewed
CVE-2025-46294 was published Dec 16, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-68062 was published Dec 16, 2025
A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown... Moderate Unreviewed
CVE-2025-14650 was published Dec 14, 2025
A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an... Moderate Unreviewed
CVE-2025-14639 was published Dec 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database