GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+
8,092 advisories
Filter by severity
Incus creates nftables rules that partially bypass security options
High
CVE-2025-52890
was published
for
github.com/lxc/incus/v6
(Go)
Jun 26, 2025
Podman Improper Certificate Validation; machine missing TLS verification
High
CVE-2025-6032
was published
for
github.com/containers/podman/v4
(Go)
Jun 25, 2025
Claude Code Improper Authorization via websocket connections from arbitrary origins
High
CVE-2025-52882
was published
for
@anthropic-ai/claude-code
(npm)
Jun 23, 2025
ChangeDetection.io XSS in watch overview
High
CVE-2025-52558
was published
for
changedetection.io
(pip)
Jun 23, 2025
DNN.PLATFORM possibly allows bypass of IP Filters
High
CVE-2025-52487
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
High
CVE-2025-52488
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file
High
CVE-2025-48957
was published
for
astrbot
(pip)
Jun 4, 2025
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Liferay Portal and Liferay DXP insecure default configuration
High
CVE-2021-33321
was published
for
com.liferay.portal:com.liferay.portal.impl
(Maven)
May 24, 2022
Liferay Portal and Liferay DXP autosaves form data for other users to see
High
CVE-2021-33323
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
May 24, 2022
TabberNeue vulnerable to Stored XSS through wikitext
High
CVE-2025-53093
was published
for
starcitizentools/tabber-neue
(Composer)
Jun 27, 2025
raspap-webgui has a Directory Traversal vulnerability
High
CVE-2025-44163
was published
for
billz/raspap-webgui
(Composer)
Jun 27, 2025
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
High
CVE-2024-54000
was published
for
mobsf
(pip)
Jun 27, 2025
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use
High
CVE-2021-33322
was published
for
com.liferay.portal:com.liferay.portal.impl
(Maven)
May 24, 2022
LLaMA-Factory allows Code Injection through improper vhead_file safeguards
High
CVE-2025-53002
was published
for
llamafactory
(pip)
Jun 27, 2025
jackson-core can throw a StackoverflowError when processing deeply nested data
High
CVE-2025-52999
was published
for
com.fasterxml.jackson.core:jackson-core
(Maven)
Jun 27, 2025
filebrowser Allows Shell Commands to Spawn Other Commands
High
CVE-2025-52903
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 27, 2025
filebrowser allows Stored Cross-Site Scripting through the Markdown preview function
High
CVE-2025-52902
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 27, 2025
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
High
CVE-2025-4922
was published
for
github.com/hashicorp/nomad
(Go)
Jun 11, 2025
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens
High
CVE-2025-52477
was published
for
github.com/octo-sts/app
(Go)
Jun 26, 2025
NetBird uses a static initialization vector (IV)
High
CVE-2024-41260
was published
for
github.com/netbirdio/netbird
(Go)
Aug 1, 2024
LangChain Community SSRF vulnerability exists in RequestsToolkit component
High
CVE-2025-2828
was published
for
langchain-community
(pip)
Jun 23, 2025
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory
High
CVE-2025-52888
was published
for
io.qameta.allure.plugins:junit-xml-plugin
(Maven)
Jun 25, 2025
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
TiDB authentication bypass vulnerability
High
CVE-2022-31011
was published
for
github.com/pingcap/tidb
(Go)
Jun 6, 2022
ProTip!
Advisories are also available from the
GraphQL API