
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,568 advisories

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute Low
CVE-2025-59842 was published for jupyterlab (pip) Sep 26, 2025
Yaniv-git krassowski
dlqqq
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
sassdoc-extras vulnerable to prototype pollution Low
CVE-2025-57326 was published for sassdoc-extras (npm) Sep 24, 2025
messageformat has a prototype pollution vulnerability Low
CVE-2025-57349 was published for messageformat (npm) Sep 24, 2025
magix-combine-ex vulnerable to prototype pollution Low
CVE-2025-57321 was published for magix-combine-ex (npm) Sep 24, 2025
web3-core-subscriptions has a Prototype Pollution vulnerability Low
CVE-2025-57330 was published for web3-core-subscriptions (npm) Sep 24, 2025
rollbar vulnerable to prototype pollution Low
CVE-2025-57325 was published for rollbar (npm) Sep 24, 2025
toggle-array vulnerable to prototype pollution Low
CVE-2025-57328 was published for toggle-array (npm) Sep 24, 2025
spmrc vulnerable to prototype pollution Low
CVE-2025-57327 was published for spmrc (npm) Sep 24, 2025
web3-core-method is vulnerable to prototype pollution Low
CVE-2025-57329 was published for web3-core-method (npm) Sep 24, 2025
node-cube vulnerable to prototype pollution Low
CVE-2025-57348 was published for node-cube (npm) Sep 24, 2025
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Unix4ever
Mangati NovoSGA XSS vulnerability in /admin Low
CVE-2025-10909 was published for novosga/novosga (Composer) Sep 24, 2025
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability Low
CVE-2025-57407 was published for gp247/core (Composer) Sep 23, 2025
DNN Vulnerable to Stored XSS Using Backend Admin Credentials Low
CVE-2025-59546 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal Low
GHSA-mm7x-qfjj-5g2c was published for ammonia (Rust) Sep 22, 2025
Mattermost boards plugin fails to restrict download access to files Low
CVE-2025-9081 was published for github.com/mattermost/mattermost-plugin-boards (Go) Sep 19, 2025
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
Dragonfly's directories created via os.MkdirAll are not checked for permissions Low
CVE-2025-59349 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
REXML has DoS condition when parsing malformed XML file Low
CVE-2025-58767 was published for rexml (RubyGems) Sep 17, 2025
sofiaaberegg
TYPO3 "Form to Database" extension susceptible to Cross-site Scripting Low
CVE-2025-10316 was published for lavitto/typo3-form-to-database (Composer) Sep 16, 2025
Liferay DXP Missing Critical Step in Authentication Low
CVE-2025-43798 was published for com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web (Maven) Sep 15, 2025
Liferay Portal has External Control of System or Configuration Settings Low
CVE-2025-43792 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Sep 15, 2025
Mattermost Open Redirect vulnerability Low
CVE-2025-9084 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025