Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,486
Maven
5,000+
npm
4,104
NuGet
735
pip
3,918
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

10,525 advisories

Loading
Presta Shop vulnerable to email enumeration Moderate
CVE-2025-51586 was published for prestashop/prestashop (Composer) Sep 4, 2025
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
Memos Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2025-56761 was published for github.com/usememos/memos (Go) Sep 4, 2025
Memos Vulnerable to Path Traversal via the CreateResource Endpoint Moderate
CVE-2025-56760 was published for github.com/usememos/memos (Go) Sep 4, 2025
Mautic Vulnerable to User Enumeration via Response Timing Moderate
CVE-2025-9824 was published for mautic/core (Composer) Sep 3, 2025
Vautia kuzmany
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add Moderate
CVE-2025-9823 was published for mautic/core (Composer) Sep 3, 2025
nmmorette kuzmany
patrykgruszka
Mautic vulnerable to secret data extraction via elfinder Moderate
CVE-2025-9822 was published for mautic/core (Composer) Sep 3, 2025
B0D0B0P0T lenonleite
kuzmany
frost-core: refresh shares with smaller min_signers will reduce security of group Moderate
CVE-2025-58359 was published for frost-core (Rust) Sep 3, 2025
Electron has ASAR Integrity Bypass via resource modification Moderate
CVE-2025-55305 was published for electron (npm) Sep 3, 2025
dariushoule
Netty's decoders vulnerable to DoS via zip bomb style attack Moderate
CVE-2025-58057 was published for io.netty:netty-codec (Maven) Sep 3, 2025
yawkat
Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated Moderate
CVE-2025-58459 was published for org.jenkins-ci.plugins:global-build-stats (Maven) Sep 3, 2025
Jenkins Git client Plugin file system information disclosure vulnerability Moderate
CVE-2025-58458 was published for org.jenkins-ci.plugins:git-client (Maven) Sep 3, 2025
Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials Moderate
CVE-2025-58460 was published for io.jenkins.plugins:opentelemetry (Maven) Sep 3, 2025
ArrayQueue's push_front is not panic-safe Moderate
GHSA-xqjr-wfx3-gmxv was published for array-queue (Rust) Sep 2, 2025
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction Moderate
CVE-2025-58162 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Local Deep Research's API keys are stored in plain text Moderate
CVE-2025-57806 was published for local-deep-research (pip) Sep 2, 2025
i-d-lytvynenko
Silverpeas Core Username Enumeration Vulnerability Moderate
CVE-2025-46047 was published for org.silverpeas.core:silverpeas-core (Maven) Sep 2, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes Moderate
CVE-2025-57752 was published for next (npm) Aug 29, 2025
reddounsf medikoo
Next.js Content Injection Vulnerability for Image Optimization Moderate
CVE-2025-55173 was published for next (npm) Aug 29, 2025
kristianmagas
Next.js Improper Middleware Redirect Handling Leads to SSRF Moderate
CVE-2025-57822 was published for next (npm) Aug 29, 2025
Liferay Portal allows improper access through the expandoTableLocalService Moderate
CVE-2025-43773 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl (Maven) Aug 29, 2025
webp crate may expose memory contents when encoding an image Moderate
GHSA-9q78-27f3-2jmh was published for webp (Rust) Aug 29, 2025
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks Moderate
CVE-2025-47909 was published for github.com/gorilla/csrf (Go) Aug 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database