GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,209
NuGet
744
pip
3,987
Pub
12
RubyGems
950
Rust
1,036
Swift
45
Unreviewed advisories
All unreviewed
5,000+
24,129 advisories
Filter by severity
FuelVM is vulnerable to heap memory allocation re-use bug
High
GHSA-2pgj-5cv2-6xxw
was published
for
fuel-vm
(Rust)
Oct 8, 2025
Deno's --deny-write check does not prevent permission bypass
Low
CVE-2025-61785
was published
for
deno
(Rust)
Oct 7, 2025
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
High
CVE-2025-6242
was published
for
vllm
(pip)
Oct 7, 2025
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
High
CVE-2025-61784
was published
for
llamafactory
(pip)
Oct 7, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
Moderate
CVE-2025-61620
was published
for
vllm
(pip)
Oct 7, 2025
Akka.Remote TLS did not properly implement certificate-based authentication
Critical
CVE-2025-61778
was published
for
Akka.Cluster
(NuGet)
Oct 7, 2025
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
High
CVE-2025-61772
was published
for
rack
(RubyGems)
Oct 7, 2025
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
High
CVE-2025-61771
was published
for
rack
(RubyGems)
Oct 7, 2025
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
High
CVE-2025-61770
was published
for
rack
(RubyGems)
Oct 7, 2025
vLLM is vulnerable to timing attack at bearer auth
High
CVE-2025-59425
was published
for
vllm
(pip)
Oct 7, 2025
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
Moderate
GHSA-mm7p-fcc7-pg87
was published
for
nodemailer
(npm)
Oct 7, 2025
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
Moderate
CVE-2025-61765
was published
for
python-socketio
(pip)
Oct 7, 2025
pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding
High
CVE-2025-11362
was published
for
pdfmake
(npm)
Oct 7, 2025
Liferay Profile Widget does not prevent vCard extension spoofing
Moderate
CVE-2025-43824
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Oct 7, 2025
SillyTavern Web Interface Vulnerable DNS Rebinding
Critical
CVE-2025-59159
was published
for
sillytavern
(npm)
Oct 6, 2025
Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion
High
CVE-2025-59152
was published
for
litestar
(pip)
Oct 6, 2025
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API
Critical
CVE-2025-52472
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Oct 6, 2025
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing
High
CVE-2025-6985
was published
for
langchain-text-splitters
(pip)
Oct 6, 2025
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view
Critical
CVE-2025-49594
was published
for
org.xwiki.contrib.oidc:oidc-authenticator
(Maven)
Oct 6, 2025
Flowise vulnerable to RCE via Dynamic function constructor injection
Critical
CVE-2025-55346
was published
for
flowise
(npm)
Oct 6, 2025
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements
Low
CVE-2025-11322
was published
for
novosga/novosga
(Composer)
Oct 6, 2025
clearml is vulnerable to Path Traversal through its `safe_extract` function
Moderate
CVE-2025-8917
was published
for
clearml
(pip)
Oct 5, 2025
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
Moderate
CVE-2025-8406
was published
for
zenml
(pip)
Oct 5, 2025
Liferay Portal exposes sensitive user data through its Freemarker template
Moderate
CVE-2025-43825
was published
for
com.liferay:com.liferay.portal.template.freemarker
(Maven)
Oct 4, 2025
Flowise Stored XSS vulnerability through logs in chatbot
Moderate
GHSA-7r4h-vmj9-wg42
was published
for
flowise
(npm)
Oct 3, 2025
ProTip!
Advisories are also available from the
GraphQL API