Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,942
Erlang
39
GitHub Actions
38
Go
2,599
Maven
5,000+
npm
4,249
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,381 advisories

Loading
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization Moderate
GHSA-cq46-m9x9-j8w2 was published for scapy (pip) Oct 22, 2025
anotherik
Credited to anotherik
Borrowck Scarifices exposes uninitialized memory in any_as_u8_slice Low
GHSA-xcpm-76hf-c9cc was published for borrowck_sacrifices (Rust) Oct 22, 2025
Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function Moderate
CVE-2025-11844 was published for smolagents (pip) Oct 22, 2025
Hono Improper Authorization vulnerability High
CVE-2025-62610 was published for hono (npm) Oct 22, 2025
okazu-dm
Credited to okazu-dm
Direct Ring Buffer has uninitialized memory exposure in create_ring_buffer Low
GHSA-fp5x-7m4q-449f was published for direct_ring_buffer (Rust) Oct 21, 2025
orx-pinned-vec has undefined behavior in index_of_ptr with empty slices Low
GHSA-h5j3-crg5-8jqm was published for orx-pinned-vec (Rust) Oct 21, 2025
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL Moderate
CVE-2025-62607 was published for nautobot-ssot (pip) Oct 21, 2025
gsnider2195 smk4664
jdrew82
Credited to gsnider2195, smk4664, and jdrew82
code16 Sharp vulnerable to Cross Site Scripting (XSS) Moderate
CVE-2025-61457 was published for code16/sharp (Composer) Oct 21, 2025
Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget Moderate
CVE-2025-62249 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 21, 2025
NeuVector is shipping cryptographic material into its binary Moderate
CVE-2025-54471 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
NeuVector telemetry sender is vulnerable to MITM and DoS High
CVE-2025-54470 was published for https://github.com/neuvector/neuvector (Go) Oct 21, 2025
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow Critical
CVE-2025-54469 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
uv has differential in tar extraction with PAX headers Low
GHSA-w476-p2h3-79g9 was published for uv (pip) Oct 21, 2025
woodruffw zanieb
Credited to woodruffw and zanieb
ProcessWire CMS vulnerable to resource-exhaustion Denial of Service Moderate
CVE-2025-60790 was published for processwire/processwire (Composer) Oct 21, 2025
Liferay Portal fails to verify messages from the cluster network is trusted Moderate
CVE-2025-62250 was published for com.liferay:com.liferay.portal.cluster.multiple (Maven) Oct 21, 2025
Cosmos EVM Vulnerability Critical
GHSA-8pfh-j44r-f654 was published for github.com/cosmos/evm (Go) Oct 21, 2025
Shopware Customer Orders can be canceled, even if refunds are disabled Moderate
GHSA-r2vg-hvjm-fg38 was published for shopware/core (Composer) Oct 21, 2025
aragon999
Credited to aragon999
Shopware exposes sensitive user information via CSV export mapping Moderate
GHSA-27c9-vp3w-6ww8 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Shopware vulnerable to path traversal via Plugin upload Low
GHSA-6wh5-mw9h-5c3w was published for shopware/core (Composer) Oct 21, 2025
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually Moderate
GHSA-m895-2hj3-8cg9 was published for shopware/core (Composer) Oct 21, 2025
JoshuaBehrens
Credited to JoshuaBehrens
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw tycho
azenla anners mnm678 zanieb
Credited to woodruffw, tycho, azenla, anners, mnm678, and zanieb
Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic Moderate
CVE-2025-62595 was published for koa (npm) Oct 21, 2025
haymizrachi
Credited to haymizrachi
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description Moderate
CVE-2025-62528 was published for taguette (pip) Oct 20, 2025
emilvirkki
Credited to emilvirkki
Taguette password reset link poisoning High
CVE-2025-62527 was published for taguette (pip) Oct 20, 2025
emilvirkki
Credited to emilvirkki
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database