GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,520 advisories
React Server Components are Vulnerable to RCE
Critical
CVE-2025-55182
was published
for
react-server-dom-parcel
(npm)
Dec 3, 2025
Next.js is vulnerable to RCE in React flight protocol
Critical
CVE-2025-66478
was published
for
next
(npm)
Dec 3, 2025
Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Critical
CVE-2025-13828
was published
for
mautic/core
(Composer)
Dec 2, 2025
MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
Critical
CVE-2025-66401
was published
for
mcp-watch
(npm)
Dec 2, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Critical
CVE-2025-62593
was published
for
ray
(pip)
Nov 26, 2025
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction
Critical
GHSA-rj4j-2jph-gg43
was published
for
github.com/lf-edge/ekuiper/v2
(Go)
Nov 24, 2025
Grafana Incorrect Privilege Assignment vulnerability
Critical
CVE-2025-41115
was published
for
github.com/grafana/grafana
(Go)
Nov 21, 2025
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter
Critical
CVE-2025-65108
was published
for
md-to-pdf
(npm)
Nov 20, 2025
@hpke/core reuses AEAD nonces
Critical
CVE-2025-64767
was published
for
@hpke/core
(npm)
Nov 20, 2025
Eclipse Jersey has a Race Condition
Critical
CVE-2025-12383
was published
for
org.glassfish.jersey.core:jersey-client
(Maven)
Nov 18, 2025
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Critical
CVE-2025-65015
was published
for
joserfc
(pip)
Nov 18, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical
CVE-2025-55449
was published
for
astrbot
(pip)
Nov 14, 2025
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency
Critical
GHSA-6jqf-mv7m-3q7p
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Nov 13, 2025
ProTip!
Advisories are also available from the
GraphQL API