Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,034
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin Moderate
CVE-2025-9910 was published for jsondiffpatch (npm) Sep 11, 2025
cai0duque
Credited to cai0duque
@digitalocean/do-markdownit has Type Confusion vulnerability Moderate
CVE-2025-59717 was published for @digitalocean/do-markdownit (npm) Sep 19, 2025
cai0duque
Credited to cai0duque
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Moderate
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
cai0duque
Credited to cai0duque
Decap CMS Cross Site Scripting (XSS) vulnerability Moderate
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
cai0duque
Credited to cai0duque
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js Moderate
CVE-2025-9095 was published for express-gateway (npm) Aug 18, 2025
cai0duque
Credited to cai0duque
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Moderate
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
cai0duque
Credited to cai0duque
mcp-kubernetes-server has a Command Injection vulnerability Moderate
CVE-2025-59376 was published for mcp-kubernetes-server (pip) Sep 15, 2025
cai0duque
Credited to cai0duque
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
cai0duque
Credited to cai0duque
@sequa-ai/sequa-mcp has Command Injection vulnerability Moderate
CVE-2025-10619 was published for @sequa-ai/sequa-mcp (npm) Sep 17, 2025
cai0duque
Credited to cai0duque
Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth Moderate
GHSA-qhwp-454g-2gv4 was published for express-xss-sanitizer (npm) Sep 15, 2025 withdrawn
cai0duque AhmedAdelFahim
Credited to cai0duque and AhmedAdelFahim
Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Moderate
CVE-2025-58457 was published for org.apache.zookeeper:zookeeper (Maven) Sep 24, 2025
cai0duque
Credited to cai0duque
Liferay Portal and DXP does not properly expire sessions Moderate
CVE-2025-43819 was published for com.liferay:com.liferay.saml.impl (Maven) Sep 24, 2025
cai0duque
Credited to cai0duque
WSO2 Identity Server Apps allows content spoofing in logs Moderate
CVE-2024-6429 was published for org.wso2.identity.apps:authentication-portal (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
pip's fallback tar extraction doesn't check symbolic links point to extraction directory Moderate
CVE-2025-8869 was published for pip (pip) Sep 24, 2025
cai0duque bentasker
swils23 ichard26
Credited to cai0duque, bentasker, swils23, and ichard26
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database