Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,207
NuGet
743
pip
3,979
Pub
12
RubyGems
947
Rust
1,034
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,109 advisories

Loading
express-xss-sanitizer has an unbounded recursion depth Moderate
CVE-2025-59364 was published for express-xss-sanitizer (npm) Sep 26, 2025
get-jwks: poisoned JWKS cache allows post-fetch issuer validation bypass Critical
CVE-2025-59936 was published for get-jwks (npm) Sep 26, 2025
epureionut99
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute Low
CVE-2025-59842 was published for jupyterlab (pip) Sep 26, 2025
Yaniv-git krassowski
dlqqq
Rancher update on users can deny the service to the admin High
CVE-2024-58260 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Rancher CLI SAML authentication is vulnerable to phishing attacks High
CVE-2024-58267 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint Moderate
CVE-2025-54468 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Argument injection vulnerability in SonarQube Scan Action High
CVE-2025-59844 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 26, 2025
Apache Airflow: Connection sensitive details exposed to users with READ permissions Moderate
CVE-2025-54831 was published for apache-airflow (pip) Sep 26, 2025
Hutool allows remote code execution (RCE) via the QLExpressEngine class High
CVE-2025-56769 was published for cn.hutool:hutool-extra (Maven) Sep 26, 2025
Liferay Portal and DXP vulnerable to a memory leak Moderate
CVE-2025-43816 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Sep 25, 2025
ml-logger file handler allows reading arbitrary files Moderate
CVE-2025-10952 was published for ml-logger (pip) Sep 25, 2025
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters High
CVE-2025-59830 was published for rack (RubyGems) Sep 25, 2025
kwkr jeremyevans
ioquatix
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning Critical
CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025
petersutter kon-angelo
hebelsan JordanJordanov donistz
apidoc-core is vulnerable to prototype pollution High
CVE-2025-57317 was published for apidoc-core (npm) Sep 25, 2025
cors-anywhere vulnerable to server-side request forgery Critical
CVE-2020-36851 was published for cors-anywhere (npm) Sep 25, 2025
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
ml-logger has path traversal in the file argument Moderate
CVE-2025-10951 was published for ml-logger (pip) Sep 25, 2025
dref is vulnerable to prototype pollution High
CVE-2025-26278 was published for dref (npm) Sep 25, 2025
Duplicate Advisory: Malicious versions of Nx were published Critical
GHSA-8mjq-32x3-22qf was published for nx (npm) Sep 25, 2025 withdrawn
lobe-chat has an Open Redirect Moderate
CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025
im-soohyun
ts-fns has prototype pollution vulnerability Moderate
CVE-2025-57351 was published for ts-fns (npm) Sep 24, 2025
csvjson vulnerable to prototype injection High
CVE-2025-57318 was published for csvjson (npm) Sep 24, 2025
json-schema-editor-visual vulnerable to prototype pollution Moderate
CVE-2025-57320 was published for json-schema-editor-visual (npm) Sep 24, 2025
fast-redact vulnerable to prototype pollution Low
CVE-2025-57319 was published for fast-redact (npm) Sep 24, 2025
magix-combine-ex vulnerable to prototype pollution Low
CVE-2025-57321 was published for magix-combine-ex (npm) Sep 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database