Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

10,988 advisories

Loading
MLX has Wild Pointer Dereference in load_gguf() Moderate
CVE-2025-62609 was published for mlx (pip) Nov 21, 2025
wickgit mmudryi
markiyanch
Credited to wickgit, mmudryi, and markiyanch
MLX has heap-buffer-overflow in load() Moderate
CVE-2025-62608 was published for mlx (pip) Nov 21, 2025
wickgit mmudryi
markiyanch
Credited to wickgit, mmudryi, and markiyanch
OpenFGA Improper Policy Enforcement Moderate
CVE-2025-64751 was published for github.com/openfga/openfga (Go) Nov 20, 2025
Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage Moderate
CVE-2025-63700 was published for @clerk/clerk-js (npm) Nov 20, 2025
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` Moderate
CVE-2025-62426 was published for vllm (pip) Nov 20, 2025
russellb Isotr0py
DarkLight1337
Credited to russellb, Isotr0py, and DarkLight1337
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow Moderate
CVE-2025-64027 was published for snipe/snipe-it (Composer) Nov 20, 2025
zx Uses Incorrectly-Resolved Name or Reference Moderate
CVE-2025-13437 was published for zx (npm) Nov 20, 2025
@perfood/couch-auth may expose session tokens, passwords Moderate
CVE-2025-60794 was published for @perfood/couch-auth (npm) Nov 20, 2025
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60798 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin contains an incorrect access control vulnerability Moderate
CVE-2025-60799 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60797 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read Moderate
CVE-2025-47914 was published for golang.org/x/crypto (Go) Nov 19, 2025
leonklingele
Credited to leonklingele
golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption Moderate
CVE-2025-58181 was published for golang.org/x/crypto (Go) Nov 19, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript Moderate
CVE-2025-65026 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint Moderate
CVE-2025-65019 was published for astro (npm) Nov 19, 2025
zomaxsec
Credited to zomaxsec
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values Moderate
CVE-2025-64765 was published for astro (npm) Nov 19, 2025
Sudistark
Credited to Sudistark
authentik's invitation expiry is delayed by at least 5 minutes Moderate
CVE-2025-64708 was published for goauthentik.io (Go) Nov 19, 2025
melizeche
Credited to melizeche
authentik allows a deactivated Service account to authenticate to OAuth Moderate
CVE-2025-64521 was published for goauthentik.io (Go) Nov 19, 2025
MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory Moderate
CVE-2025-12119 was published for mongodb/mongodb-extension (Composer) Nov 19, 2025
XWiki view file macro: User can view content of office file without view rights on the attachment Moderate
CVE-2025-65089 was published for com.xwiki.pro:xwiki-pro-macros-ui (Maven) Nov 18, 2025
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint Moderate
CVE-2025-65093 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
Backdrop CMS Host Header Injection vulnerability Moderate
CVE-2025-63828 was published for backdrop/backdrop (Composer) Nov 18, 2025
Drupal core allows Object Injection Moderate
CVE-2025-13081 was published for drupal/core (Composer) Nov 18, 2025
Drupal Email TFA allows Functionality Bypass Moderate
CVE-2025-12760 was published for drupal/email_tfa (Composer) Nov 18, 2025
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` Moderate
CVE-2025-65013 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database