Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,877
Erlang
37
GitHub Actions
38
Go
2,538
Maven
5,000+
npm
4,197
NuGet
743
pip
3,971
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

24,064 advisories

Loading
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball High
CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025
lukaselmer cai0duque
counterpart vulnerable to prototype pollution Moderate
CVE-2025-57354 was published for counterpart (npm) Sep 24, 2025
Mangati NovoSGA XSS vulnerability in /admin Low
CVE-2025-10909 was published for novosga/novosga (Composer) Sep 24, 2025
messageformat prototype pollution vulnerability High
CVE-2025-57353 was published for @messageformat/runtime (npm) Sep 24, 2025
min-document vulnerable to prototype pollution Low
CVE-2025-57352 was published for min-document (npm) Sep 24, 2025
CSVTOJSON has a prototype pollution vulnerability Moderate
CVE-2025-57350 was published for csvtojson (npm) Sep 24, 2025
pip's fallback tar extraction doesn't check symbolic links point to extraction directory Moderate
CVE-2025-8869 was published for pip (pip) Sep 24, 2025
cai0duque bentasker
Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Moderate
CVE-2025-58457 was published for org.apache.zookeeper:zookeeper (Maven) Sep 24, 2025
cai0duque
Apache IoTDB: DoS Vulnerability Moderate
CVE-2025-48392 was published for org.apache.iotdb:iotdb-core (Maven) Sep 24, 2025
Apache IoTDB: Deserialization of untrusted Data Critical
CVE-2025-48459 was published for org.apache.iotdb:iotdb-confignode (Maven) Sep 24, 2025
cai0duque
Liferay Portal and DXP does not properly expire sessions Moderate
CVE-2025-43819 was published for com.liferay:com.liferay.saml.impl (Maven) Sep 24, 2025
cai0duque
WSO2 Identity Server Apps allows content spoofing in logs Moderate
CVE-2024-6429 was published for org.wso2.identity.apps:authentication-portal (Maven) Sep 23, 2025
cai0duque
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability Low
CVE-2025-57407 was published for gp247/core (Composer) Sep 23, 2025
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown woodruffw
charliermarsh zanieb
Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section Moderate
CVE-2025-59822 was published for org.http4s:http4s-ember-core_2.12 (Maven) Sep 23, 2025
sebastianosrt samspills
rossabaker
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer Moderate
CVE-2025-6921 was published for transformers (pip) Sep 23, 2025
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
cai0duque
DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile Moderate
CVE-2025-59821 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
DNN Vulnerable to Stored XSS Using Backend Admin Credentials Low
CVE-2025-59546 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module Critical
CVE-2025-59545 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes valadas
mitchelsellers
Liferay Portal and DXP does not properly check permission with import and export tasks Moderate
CVE-2025-43806 was published for com.liferay:com.liferay.batch.engine.service (Maven) Sep 23, 2025
Liferay Portal and DXP allows users to add a note to a different virtual instance Moderate
CVE-2025-43810 was published for com.liferay.commerce:com.liferay.commerce.service (Maven) Sep 23, 2025
Liferay Portal and DXP audit events record password reminder answers Moderate
CVE-2025-43814 was published for com.liferay:com.liferay.portal.security.audit.event.generators.user.management (Maven) Sep 23, 2025
DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field Moderate
CVE-2025-59539 was published for DotNetNuke.Core (NuGet) Sep 22, 2025
bdukes valadas
mitchelsellers
DNN allows loading unused themes on anonymous clients through query parameters Moderate
CVE-2025-59535 was published for DotNetNuke.Core (NuGet) Sep 22, 2025
6TELOIV bdukes
valadas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database