Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,877
Erlang
37
GitHub Actions
37
Go
2,529
Maven
5,000+
npm
4,191
NuGet
742
pip
3,969
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,571 advisories

Loading
vet MCP Server SSE Transport DNS Rebinding Vulnerability Low
CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025
eharris128
min-document vulnerable to prototype pollution Low
CVE-2025-57352 was published for min-document (npm) Sep 24, 2025
fast-redact vulnerable to prototype pollution Low
CVE-2025-57319 was published for fast-redact (npm) Sep 24, 2025
rollbar vulnerable to prototype pollution Low
CVE-2025-57325 was published for rollbar (npm) Sep 24, 2025
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute Low
CVE-2025-59842 was published for jupyterlab (pip) Sep 26, 2025
Yaniv-git krassowski
dlqqq
Next.js Race Condition to Cache Poisoning Low
CVE-2025-32421 was published for next (npm) May 15, 2025
cold-try
Template Secret leakage in logs in Scaffolder when using `fetch:template` Low
CVE-2025-55285 was published for @backstage/plugin-scaffolder-backend (npm) Aug 15, 2025
cai0duque
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Unix4ever
Mattermost boards plugin fails to restrict download access to files Low
CVE-2025-9081 was published for github.com/mattermost/mattermost-plugin-boards (Go) Sep 19, 2025
Dragonfly's directories created via os.MkdirAll are not checked for permissions Low
CVE-2025-59349 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
web3-core-method is vulnerable to prototype pollution Low
CVE-2025-57329 was published for web3-core-method (npm) Sep 24, 2025
toggle-array vulnerable to prototype pollution Low
CVE-2025-57328 was published for toggle-array (npm) Sep 24, 2025
spmrc vulnerable to prototype pollution Low
CVE-2025-57327 was published for spmrc (npm) Sep 24, 2025
sassdoc-extras vulnerable to prototype pollution Low
CVE-2025-57326 was published for sassdoc-extras (npm) Sep 24, 2025
magix-combine-ex vulnerable to prototype pollution Low
CVE-2025-57321 was published for magix-combine-ex (npm) Sep 24, 2025
node-cube vulnerable to prototype pollution Low
CVE-2025-57348 was published for node-cube (npm) Sep 24, 2025
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
messageformat has a prototype pollution vulnerability Low
CVE-2025-57349 was published for messageformat (npm) Sep 24, 2025
web3-core-subscriptions has a Prototype Pollution vulnerability Low
CVE-2025-57330 was published for web3-core-subscriptions (npm) Sep 24, 2025
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
cranberry3148
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
cranberry3148
Mangati NovoSGA XSS vulnerability in /admin Low
CVE-2025-10909 was published for novosga/novosga (Composer) Sep 24, 2025
DNN Vulnerable to Stored XSS Using Backend Admin Credentials Low
CVE-2025-59546 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability Low
CVE-2025-57407 was published for gp247/core (Composer) Sep 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database