Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,671 advisories

Loading
youki container escape via "masked path" abuse due to mount race conditions High
CVE-2025-62161 was published for youki (Rust) Nov 5, 2025
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-52881 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
tonistiigi cyphar
lifubang OddBloke olsova
Credited to tonistiigi, cyphar, lifubang, OddBloke, and olsova
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks Moderate
CVE-2025-10713 was published for org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven) Nov 5, 2025
runc container escape with malicious config due to /dev/console mount and related races High
CVE-2025-52565 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 lifubang
cyphar
Credited to ssst0n3, lifubang, and cyphar
runc container escape via "masked path" abuse due to mount race conditions High
CVE-2025-31133 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 rata
kolyshkin lifubang cyphar
Credited to ssst0n3, rata, kolyshkin, lifubang, and cyphar
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. Critical
CVE-2025-64459 was published for django (pip) Nov 5, 2025
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows High
CVE-2025-64458 was published for django (pip) Nov 5, 2025
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode Moderate
CVE-2025-58337 was published for doris-mcp-server (pip) Nov 5, 2025
lirantal
Credited to lirantal
expr-eval does not restrict functions passed to the evaluate function High
CVE-2025-12735 was published for expr-eval (npm) Nov 5, 2025
Kgateway transformation policy template can emit files from the container Moderate
GHSA-5pmx-7r6r-wfqq was published for github.com/kgateway-dev/kgateway/v2 (Go) Nov 4, 2025
rikatz
Credited to rikatz
kgateway is missing xDS authorization Moderate
CVE-2025-64323 was published for github.com/kgateway-dev/kgateway/v2 (Go) Nov 4, 2025
rikatz
Credited to rikatz
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234
Credited to Marcono1234
MARIN3R: Cross-Namespace Vulnerability in the Operator High
CVE-2025-64171 was published for github.com/3scale-sre/marin3r (Go) Nov 4, 2025
debuggerchen
Credited to debuggerchen
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt Moderate
CVE-2025-64187 was published for octoprint (pip) Nov 4, 2025
jacopotediosi
Credited to jacopotediosi
Dosage vulnerable to a Directory Traversal through crafted HTTP responses High
CVE-2025-64184 was published for dosage (pip) Nov 4, 2025
TobiX
Credited to TobiX
DSPy does not properly restrict file reads Moderate
CVE-2025-12695 was published for dspy (pip) Nov 4, 2025
Jellysweep uses uncontrolled data in image cache API endpoint High
CVE-2025-64178 was published for github.com/jon4hz/jellysweep (Go) Nov 4, 2025
Shaman has soundness issues and is unmaintained Low
GHSA-7vjm-6qgq-3mrq was published for shaman (Rust) Nov 3, 2025
lakeFS affected by unauthenticated access to API usage metrics Moderate
CVE-2025-64179 was published for github.com/treeverse/lakefs (Go) Nov 3, 2025
arielshaqed nopcoder
Credited to arielshaqed and nopcoder
motionEye vulnerable to RCE via unsanitized motion config parameter High
CVE-2025-60787 was published for motioneye (pip) Nov 3, 2025
prabhatverma47 MichaIng
Credited to prabhatverma47 and MichaIng
OpenMage vulnerable to XSS in Admin Notifications Moderate
CVE-2025-64174 was published for openmage/magento-lts (Composer) Nov 3, 2025
Judx
Credited to Judx
MantisBT unauthorized disclosure of private project column configuration Moderate
CVE-2025-62520 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
jrckmcsb atrol
dregad
Credited to jrckmcsb, atrol, and dregad
MantisBT lacks verification when changing a user's email address Moderate
CVE-2025-55155 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
ncrcs dregad
Credited to ncrcs and dregad
@react-native-community/cli has arbitrary OS command injection Critical
CVE-2025-11953 was published for @react-native-community/cli (npm) Nov 3, 2025
Malayke cylewaitforit
liamjones conorfitch
Credited to Malayke, cylewaitforit, liamjones, and conorfitch
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length Moderate
CVE-2025-46556 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
TheAmazeng dregad
Credited to TheAmazeng and dregad
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database