GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
23,787 advisories
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
High
CVE-2025-58358
was published
for
mcp-markdownify-server
(npm)
Sep 2, 2025
Command Injection via sonarqube-scan-action GitHub Action
High
CVE-2025-58178
was published
for
SonarSource/sonarqube-scan-action
(GitHub Actions)
Sep 2, 2025
MobSF Path Traversal in GET /download/<filename> using absolute filenames
Low
CVE-2025-58161
was published
for
mobsf
(pip)
Sep 2, 2025
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
Moderate
CVE-2025-58162
was published
for
mobsf
(pip)
Sep 2, 2025
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
High
GHSA-fqqv-56h5-f57g
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 2, 2025
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
High
CVE-2025-57808
was published
for
esphome
(pip)
Sep 2, 2025
Local Deep Research's API keys are stored in plain text
Moderate
CVE-2025-57806
was published
for
local-deep-research
(pip)
Sep 2, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Moderate
CVE-2025-57752
was published
for
next
(npm)
Aug 29, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173
was published
for
next
(npm)
Aug 29, 2025
Tracing logging user input may result in poisoning logs with ANSI escape sequences
Low
CVE-2025-58160
was published
for
tracing-subscriber
(Rust)
Aug 29, 2025
Eventlet affected by HTTP request smuggling in unparsed trailers
Moderate
CVE-2025-58068
was published
for
eventlet
(pip)
Aug 29, 2025
Harness Allows Arbitrary File Write in Gitness LFS server
High
CVE-2025-58158
was published
for
github.com/harness/gitness
(Go)
Aug 29, 2025
Versity panic induced by AWS chunked data sent to port
High
GHSA-v2ch-c8v8-fgr7
was published
for
github.com/versity/versitygw
(Go)
Aug 29, 2025
ProTip!
Advisories are also available from the
GraphQL API