GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
25,062 advisories
memos vulnerability allows arbitrarily modification or deletion registered identity providers
Moderate: CVE-2025-65797 was published for github.com/usememos/memos (Go), Dec 8, 2025
memos vulnerability allows the creation of arbitrary accounts
High: CVE-2025-65795 was published for github.com/usememos/memos (Go), Dec 8, 2025
memos lacks file name validation or verification
Moderate: CVE-2025-65799 was published for github.com/usememos/memos (Go), Dec 8, 2025
memos vulnerability allows arbitrarily modification or deletion of attachments
Moderate: CVE-2025-65798 was published for github.com/usememos/memos (Go), Dec 8, 2025
memos vulnerability allows arbitrarily reactions deletion
Moderate: CVE-2025-65796 was published for github.com/usememos/memos (Go), Dec 8, 2025
Path Normalization Bypass in Traefik Router + Middleware Rules
Moderate: CVE-2025-66490 was published for github.com/traefik/traefik (Go), Dec 8, 2025
Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes
Moderate: CVE-2025-10543 was published for github.com/eclipse/paho.mqtt.golang (Go), Dec 2, 2025
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication
Critical: CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go), Nov 27, 2025
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API
Moderate: CVE-2025-60633 was published for github.com/free5gc/openapi (Go), Nov 24, 2025
quic-go HTTP/3 QPACK Header Expansion DoS
Moderate: CVE-2025-64702 was published for github.com/quic-go/quic-go (Go), Dec 11, 2025
Weblate has improper validation upon invitation acceptance
Low: CVE-2025-64725 was published for Weblate (pip), Dec 15, 2025
Apache StreamPark has a hard-coded encryption key
High: CVE-2025-54947 was published for org.apache.streampark:streampark (Maven), Dec 12, 2025
Liferay Portal Commerce Shop is vulnerable to Stored XSS through SVG file
Moderate: CVE-2025-43829 was published for com.liferay.commerce:com.liferay.commerce.shop.by.diagram.web (Maven), Oct 8, 2025
Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field
Moderate: CVE-2025-43821 was published for com.liferay.commerce:com.liferay.commerce.product.service (Maven), Oct 8, 2025
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page
Moderate: CVE-2025-43822 was published for com.liferay.portal:release.portal.bom (Maven), Oct 8, 2025
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
Moderate: CVE-2025-43823 was published for com.liferay.portal:release.portal.bom (Maven), Oct 8, 2025
Liferay Profile Widget does not prevent vCard extension spoofing
Moderate: CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven), Oct 7, 2025
Liferay Portal exposes sensitive user data through its Freemarker template
Moderate: CVE-2025-43825 was published for com.liferay:com.liferay.portal.template.freemarker (Maven), Oct 4, 2025
Liferay Portal Vulnerable to XSS in Web Content translation
Moderate: CVE-2025-43826 was published for com.liferay.portal:release.portal.bom (Maven), Oct 1, 2025
Liferay Portal Vulnerable to IDOR via audit events
Moderate: CVE-2025-43827 was published for com.liferay:com.liferay.portal.security.audit.storage.service (Maven), Sep 30, 2025
Liferay Portal and DXP vulnerable to a memory leak
Moderate: CVE-2025-43816 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven), Sep 25, 2025
Liferay Portal and DXP does not properly expire sessions
Moderate: CVE-2025-43819 was published for com.liferay:com.liferay.saml.impl (Maven), Sep 24, 2025
Liferay has a stored cross-site scripting (XSS) vulnerability via a publication’s “Name” text field
Moderate: CVE-2025-43807 was published for com.liferay:com.liferay.change.tracking.service (Maven), Sep 22, 2025
Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource
Moderate: CVE-2025-43808 was published for com.liferay.commerce:com.liferay.commerce.product.type.virtual.service (Maven), Sep 19, 2025
Liferay Portal CAPTCHA Bypass for Gogo Shell
Moderate: CVE-2025-4604 was published for com.liferay:com.liferay.captcha.impl (Maven), Aug 5, 2025
ProTip! Advisories are also available from the GraphQL API