
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11,170 advisories

Gitea vulnerable to Cross-site Scripting Moderate
CVE-2025-68946 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea: anonymous user can visit private user's project Moderate
CVE-2025-68945 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries Moderate
CVE-2025-68944 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order Moderate
CVE-2025-68943 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text Moderate
CVE-2025-68942 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources Moderate
CVE-2025-68941 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea mishandles authorization for deletion of releases Moderate
CVE-2025-68938 was published for code.gitea.io/gitea (Go) Dec 26, 2025
ruint affected by unsoundness of safe `reciprocal_mg10` Moderate
GHSA-9fjq-45qv-pcm7 was published for ruint (Rust) Dec 26, 2025
Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin Moderate
CVE-2025-64641 was published for github.com/mattermost/mattermost-server (Go) Dec 24, 2025
Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues Moderate
CVE-2025-13767 was published for github.com/mattermost/mattermost-server (Go) Dec 24, 2025
Denial-of-service vulnerability processing large chat messages containing many newlines Moderate
GHSA-gj94-v4p9-w672 was published for pocketmine/pocketmine-mp (Composer) May 25, 2022
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation Moderate
CVE-2025-13324 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025
Kyverno vulnerable due to usage of insecure cipher Moderate
GHSA-hgv6-w7r3-w4qw was published for github.com/kyverno/kyverno (Go) May 30, 2023
Home Assistant Core before is vulnerable to Directory Traversal Moderate
CVE-2025-65713 was published for homeassistant (pip) Dec 23, 2025
Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization Moderate
GHSA-93vm-mqpw-8wh3 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 25, 2025 (withdrawn)
LibreNMS Alert Rule API Cross-Site Scripting Vulnerability Moderate
CVE-2025-68614 was published for librenms/librenms (Composer) Dec 23, 2025
Credited to zdi-disclosures
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service Moderate
CVE-2025-67743 was published for local-deep-research (pip) Dec 23, 2025
Credited to yueyueL
Ansible Community General Collection is vulnerable to exposure of sensitive information Moderate
CVE-2025-14010 was published for ansible (pip) Dec 4, 2025
Credited to reanguiano
1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality Moderate
CVE-2025-34430 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
Marshmallow has DoS in Schema.load(many) Moderate
CVE-2025-68480 was published for marshmallow (pip) Dec 22, 2025
Umbraco CMS has an arbitrary file upload vulnerability Moderate
CVE-2025-67288 was published for Umbraco.Cms (NuGet) Dec 22, 2025
odoh-rs's Invalid Slice Split Results in Server Panic Moderate
CVE-2023-3766 was published for odoh-rs (Rust) Aug 3, 2023
Credited to 00xc
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation Moderate
CVE-2025-50181 was published for urllib3 (pip) Jun 18, 2025
Credited to sandumjacob, illia-v, pquentin, and sethmlarson
urllib3 does not control redirects in browsers and Node.js Moderate
CVE-2025-50182 was published for urllib3 (pip) Jun 18, 2025
Credited to illia-v, pquentin, and sethmlarson
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function Moderate
CVE-2024-28102 was published for jwcrypto (pip) Mar 6, 2024
Credited to P3ngu1nW