Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

10,528 advisories

Loading
Mattermost has Potential Server Crash due to Unvalidated Import Data Moderate
CVE-2025-8402 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Sanitize File Names Moderate
CVE-2025-6465 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Liferay Portal Username Enumeration Vulnerability Moderate
CVE-2025-43754 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter Moderate
CVE-2025-43756 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter Moderate
CVE-2025-43755 was published for com.liferay:com.liferay.layout.admin.web (Maven) Aug 21, 2025
Keycloak Potential Variable Reference in Model Storage Services Moderate
CVE-2025-9162 was published for org.keycloak:keycloak-model-storage-services (Maven) Aug 21, 2025
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request Moderate
CVE-2025-57753 was published for vite-plugin-static-copy (npm) Aug 21, 2025
ikkisoft
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-2464-8j7c-4cjm was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
UnoPim vulnerable to CSRF on Product edit feature and creation of other types Moderate
CVE-2025-55744 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality Moderate
CVE-2025-55742 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
Mattermost Fails to Sanitize Path Traversal Sequences Moderate
CVE-2025-8023 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate Remote Cluster Upload Sessions Moderate
CVE-2025-49222 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate File Paths Moderate
CVE-2025-36530 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Does Not Sanitize the Team Invite ID Moderate
CVE-2025-47870 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping Moderate
CVE-2025-43746 was published for ccom.liferay:com.liferay.dynamic.data.mapping.web (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter Moderate
CVE-2025-43757 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00
elysia-cors Origin Validation Error Moderate
CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025
CRI-O has Potential High Memory Consumption from File Read Moderate
CVE-2025-4437 was published for github.com/cri-o/cri-o (Go) Aug 20, 2025
Liferay Portal Unvalidated File Upload Moderate
CVE-2025-43750 was published for com.liferay:com.liferay.dynamic.data.mapping.form.web (Maven) Aug 20, 2025
Liferay Portal Unauthenticated File Access via URL Moderate
CVE-2025-43749 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting through URLs Moderate
CVE-2025-43742 was published for com.liferay:com.liferay.layout.type.controller.display.page (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter Moderate
CVE-2025-43741 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java Moderate
CVE-2024-39954 was published for org.apache.eventmesh:eventmesh-runtime (Maven) Aug 20, 2025
Default Credentials in nginx-defender Configuration Files Moderate
CVE-2025-55740 was published for github.com/Anipaleja/nginx-defender (Go) Aug 19, 2025
Anipaleja
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database