Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,416
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

23,392 advisories

Loading
Keycloak-services SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025
The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended Moderate
CVE-2025-54885 was published for thinbus-srp (npm) Aug 6, 2025
SvenSchindler
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
songgao chrisnojima
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2025-5197 was published for transformers (pip) Aug 6, 2025
HashiCorp Vault ldap auth method may not have correctly enforced MFA Moderate
CVE-2025-6013 was published for github.com/hashicorp/vault (Go) Aug 6, 2025
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-522r-9946-fw43 was published for github.com/cloudflare/circl (Go) Aug 6, 2025 withdrawn
Shopware race condition bypasses voucher restrictions Moderate
CVE-2025-7954 was published for shopware/platform (Composer) Aug 6, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
RISC Zero Underconstrained Vulnerability: Division Low
CVE-2025-54873 was published for risc0-circuit-rv32im (Rust) Aug 5, 2025
VeridiseAudits
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki allows Reflected XSS in two templates Moderate
CVE-2025-32430 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 5, 2025
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service Moderate
CVE-2025-54869 was published for setasign/fpdi (Composer) Aug 5, 2025
N0zoM1z0
Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder High
CVE-2025-54801 was published for github.com/gofiber/fiber/v2 (Go) Aug 5, 2025
anuraagbaishya
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
dellalibera
Liferay Portal CAPTCHA Bypass for Gogo Shell Moderate
CVE-2025-4604 was published for com.liferay:com.liferay.captcha.impl (Maven) Aug 5, 2025
RatPanel can perform remote command execution without authorization High
CVE-2025-53534 was published for github.com/tnborg/panel (Go) Aug 4, 2025
LTLTLXEY devhaozi
russh is missing overflow checks during channel windows adjust Moderate
CVE-2025-54804 was published for russh (Rust) Aug 4, 2025
onjonjo
js-toml Prototype Pollution Vulnerability High
CVE-2025-54803 was published for js-toml (npm) Aug 4, 2025
siunam321
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
ptrgits ikhsanzdev
copyparty allows Regex Denial of Service (ReDoS) in the upload listing High
CVE-2025-54796 was published for copyparty (pip) Aug 4, 2025
geraldino2
Claude Code echo command allowed bypass of user approval prompt for command execution High
CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database