GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,239 advisories

Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
x402 SDK vulnerable in outdated versions in resource servers for builders High
GHSA-3j63-5h8p-gf7c was published for x402 (npm) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Request Forgery High
CVE-2025-43748 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Copier's safe template has arbitrary filesystem read/write access High
CVE-2025-55201 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code High
CVE-2025-55284 was published for @anthropic-ai/claude-code (npm) Aug 18, 2025
HashiCorp go-getter Vulnerable to Symlink Attacks High
CVE-2025-8959 was published for github.com/hashicorp/go-getter (Go) Aug 15, 2025
Python-Future Module Arbitrary Code Execution via Unintended Import of test.py High
CVE-2025-50817 was published for future (pip) Aug 14, 2025
Active Storage allowed transformation methods that were potentially unsafe High
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access High
CVE-2025-55196 was published for github.com/external-secrets/external-secrets (Go) Aug 13, 2025
gracedo moolen
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.netty:netty-codec-http2 (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL
OliveTin OS Command Injection vulnerability High
CVE-2025-50946 was published for github.com/OliveTin/OliveTin (Go) Aug 13, 2025
Apache Tomcat Improper Resource Shutdown or Release vulnerability High
CVE-2025-48989 was published for org.apache.tomcat:tomcat-coyote (Maven) Aug 13, 2025
Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms High
CVE-2025-52392 was published for soosyze/soosyze (Composer) Aug 13, 2025
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality High
CVE-2025-8747 was published for keras (pip) Aug 12, 2025
Magento Cross-site Scripting vulnerability High
CVE-2025-49557 was published for magento/community-edition (Composer) Aug 12, 2025
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE High
CVE-2025-55164 was published for content-security-policy-parser (npm) Aug 12, 2025
pnappa EvanHahn
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass High
GHSA-9gvj-pp9x-gcfr was published for picklescan (pip) Aug 12, 2025
Lyutoon
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter High
CVE-2025-55156 was published for pyload-ng (pip) Aug 12, 2025
cyjhhh
Komari vulnerable to 2FA Authentication Bypass High
GHSA-jhmr-57cj-q6g9 was published for github.com/komari-monitor/komari (Go) Aug 12, 2025
imlonghao
Komari vulnerable to Cross-site WebSocket Hijacking High
GHSA-q355-h244-969h was published for github.com/komari-monitor/komari (Go) Aug 12, 2025
imlonghao
Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions High
CVE-2025-52931 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin is Missing Authentication for Critical Function High
CVE-2025-54478 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Improper Validation of Specified Type of Input High
CVE-2025-54525 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
ProTip! Advisories are also available from the GraphQL API