Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,138 advisories

Loading
ABP Account Module has an Open Redirect through Improper validation in its register function Moderate
CVE-2025-65581 was published for Volo.Abp.Account.Web (NuGet) Dec 16, 2025
Http4s improperly parses User-Agent and Server headers High
CVE-2023-22465 was published for org.http4s:http4s-core (Maven) Jan 6, 2023
Improper Input Validation in Apache Spark High
CVE-2018-11804 was published for org.apache.spark:spark-core_2.10 (Maven) May 14, 2022
Mattermost Server allows attackers to create buttons that can launch API requests Moderate
CVE-2017-18890 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to webhook and slash command manipulation Moderate
CVE-2017-18889 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Apache Axis2 has Improper Input Validation Moderate
CVE-2012-5785 was published for org.apache.axis2:axis2 (Maven) May 17, 2022
steinybot
Credited to steinybot
Claude Code Command Validation Bypass Allows Arbitrary Code Execution High
CVE-2025-66032 was published for @anthropic-ai/claude-code (npm) Dec 3, 2025
Ry0taK
Credited to Ry0taK
FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management Moderate
CVE-2025-65657 was published for feehi/cms (Composer) Dec 2, 2025
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files Low
CVE-2025-48985 was published for ai (npm) Nov 7, 2025
mdast-util-to-hast has unsanitized class attribute Moderate
CVE-2025-66400 was published for mdast-util-to-hast (npm) Dec 2, 2025
NutzBoot vulnerable to deserialization Low
CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron shaked-seal
Credited to masasron and shaked-seal
JDBC Driver for SQL Server has improper input validation issue High
CVE-2025-59250 was published for com.microsoft.sqlserver:mssql-jdbc (Maven) Oct 14, 2025
Fidget-Grep andreasmh
urielcos
Credited to Fidget-Grep, andreasmh, and urielcos
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion russellb
DarkLight1337 Isotr0py ywang96 davidaxion
Credited to omriaxion, russellb, DarkLight1337, Isotr0py, ywang96, and davidaxion
angular Prototype Pollution vulnerability High
CVE-2019-10768 was published for angular (npm) Nov 20, 2019
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
CVE-2025-13033 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
Directus is Vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-64747 was published for directus (npm) Nov 14, 2025
Cl0wnK1n9
Credited to Cl0wnK1n9
Magento affected by a server-side denial-of-service using a GraphQL field High
CVE-2021-36044 was published for magento/community-edition (Composer) May 24, 2022
Magento executes code via the API File Option Upload Extension Critical
CVE-2021-36042 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to file upload attack High
CVE-2021-36041 was published for magento/community-edition (Composer) May 24, 2022
Magento has a file extension restrictions bypass Critical
CVE-2021-36040 was published for magento/community-edition (Composer) May 24, 2022
Magento discloses sensitive information via the Multishipping Module Moderate
CVE-2021-36038 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by remote code execution via a file upload High
CVE-2021-36034 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper input validation vulnerability while saving a customer's details Critical
CVE-2021-36025 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper input validation vulnerability High
CVE-2021-36032 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database