Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,300
NuGet
760
pip
4,078
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
KaTeX \htmlData does not validate attribute names Moderate
CVE-2025-23207 was published for katex (npm) Jan 17, 2025
nsysean edemaine
Credited to nsysean and edemaine
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible... High Unreviewed
CVE-2024-34739 was published Aug 16, 2024
Element Plus Link component (el-link) implements insufficient input validation for the href attribute Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
EwenDC
Credited to EwenDC
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-48007 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-46703 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-57880 was published Sep 19, 2025
get-jwks: poisoned JWKS cache allows post-fetch issuer validation bypass Critical
CVE-2025-59936 was published for get-jwks (npm) Sep 26, 2025
epureionut99
Credited to epureionut99
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-0607 was published Oct 6, 2025
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize... High Unreviewed
CVE-2025-55903 was published Oct 10, 2025
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec
Credited to odaysec
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination Moderate
CVE-2025-61912 was published for python-ldap (pip) Oct 10, 2025
aradona91
Credited to aradona91
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into... High Unreviewed
CVE-2025-11713 was published Oct 14, 2025
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15... Moderate Unreviewed
CVE-2022-24682 was published Feb 10, 2022
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing... Critical Unreviewed
CVE-2022-42948 was published Mar 24, 2023
There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient... Moderate Unreviewed
CVE-2025-46583 was published Oct 27, 2025
A malicious page could have used the type attribute of an OBJECT tag to override the default... Moderate Unreviewed
CVE-2025-11712 was published Oct 14, 2025
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can... High Unreviewed
CVE-2022-39957 was published Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP... Critical Unreviewed
CVE-2022-39956 was published Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially... High Unreviewed
CVE-2022-39958 was published Sep 21, 2022
During an address list folding when a separating comma ends up on a folded line and that line is... Low Unreviewed
CVE-2025-1795 was published Feb 28, 2025
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core ... Moderate Unreviewed
CVE-2025-32072 was published Apr 11, 2025
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker... Moderate Unreviewed
CVE-2025-4084 was published Apr 29, 2025
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed
CVE-2025-6429 was published Jun 26, 2025
motionEye vulnerable to RCE via unsanitized motion config parameter High
CVE-2025-60787 was published for motioneye (pip) Nov 3, 2025
prabhatverma47 MichaIng
Credited to prabhatverma47 and MichaIng
Apache Tomcat Rewrite rule bypass Low
CVE-2025-31651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 28, 2025
amita-seal taxone
Credited to amita-seal and taxone
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database