Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

10,612 advisories

Loading
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th
Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-43808 was published for com.liferay.commerce:com.liferay.commerce.product.type.virtual.service (Maven) Sep 19, 2025
Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-43809 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 19, 2025
Liferay Contacts Center widget has insecure direct object reference Moderate
CVE-2025-43803 was published for com.liferay:com.liferay.contacts.web (Maven) Sep 19, 2025
Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length Moderate
CVE-2025-23041 was published for Umbraco.Forms (NuGet) Jan 14, 2025
RGV2ZWxvcGVy
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON Moderate
CVE-2025-53864 was published for com.nimbusds:nimbus-jose-jwt (Maven) Jul 11, 2025
phrabec vtintillier
Grafana-Zabbix ReDoS vulnerability Moderate
CVE-2025-10630 was published for github.com/alexanderzobnin/grafana-zabbix (Go) Sep 19, 2025
@digitalocean/do-markdownit has Type Confusion vulnerability Moderate
CVE-2025-59717 was published for @digitalocean/do-markdownit (npm) Sep 19, 2025
Snipe-IT allows XSS Moderate
CVE-2025-59712 was published for snipe/snipe-it (Composer) Sep 19, 2025
Snipe-IT allows unsafe deserialization Moderate
CVE-2025-59713 was published for snipe/snipe-it (Composer) Sep 19, 2025
Cloudflare Vite plugin exposes secrets over the built-in dev server Moderate
CVE-2025-59427 was published for @cloudflare/vite-plugin (npm) Jul 8, 2025
Cherry
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages Moderate
CVE-2025-59417 was published for @lobehub/chat (npm) Sep 18, 2025
jackfromeast Suuuuuzy
ggit is vulnerable to Arbitrary Argument Injection via the clone() API Moderate
CVE-2024-21533 was published for ggit (npm) Oct 8, 2024
lirantal
DragonFly's tiny file download uses hard coded HTTP protocol Moderate
CVE-2025-59410 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components Moderate
CVE-2025-1647 was published for bootstrap (npm) May 15, 2025
levpachmanov
DragonFly has weak integrity checks for downloaded files Moderate
CVE-2025-59354 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
DragonFly vulnerable to arbitrary file read and write on a peer machine Moderate
CVE-2025-59352 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error Moderate
CVE-2025-59351 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication Moderate
CVE-2025-59350 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
Dragonfly incorrectly handles a task structure’s usedTrac field Moderate
CVE-2025-59348 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication Moderate
CVE-2025-59347 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Jenkins is missing a permission check in the authenticated users' profile menu Moderate
CVE-2025-59475 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Jenkins has a missing permission check, allowing users to obtain agent names Moderate
CVE-2025-59474 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Keycloak SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database