Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,766
Maven
5,000+
npm
4,371
NuGet
767
pip
4,144
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,113 advisories

Loading
Apache StreamPark has a hard-coded encryption key High
CVE-2025-54947 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025
Apache HugeGraph-Server: RAFT and deserialization vulnerability High
CVE-2025-26866 was published for org.apache.hugegraph:hg-pd-core (Maven) Dec 12, 2025
FoF Pretty Mail has a server-side template injection vulnerability High
CVE-2024-58303 was published for fof/pretty-mail (Composer) Dec 12, 2025
Next Server Actions Source Code Exposure Moderate
GHSA-w37m-7fhw-fmv9 was published for next (npm) Dec 11, 2025
Next Vulnerable to Denial of Service with Server Components High
GHSA-mwv6-3258-q52c was published for next (npm) Dec 11, 2025
Ry0taK
Credited to Ry0taK
Denial of Service Vulnerability in React Server Components High
CVE-2025-55184 was published for react-server-dom-parcel (npm) Dec 11, 2025
Ry0taK
Credited to Ry0taK
Source Code Exposure Vulnerability in React Server Components Moderate
CVE-2025-55183 was published for react-server-dom-parcel (npm) Dec 11, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
zeropwn Cycloctane
Credited to zeropwn and Cycloctane
Servify-express rate limit issue High
CVE-2025-67731 was published for servify-express (npm) Dec 11, 2025
Aarondoran
Credited to Aarondoran
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE Low
CVE-2025-67737 was published for azuracast/azuracast (Composer) Dec 11, 2025
Cillian-Collins
Credited to Cillian-Collins
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells High
CVE-2025-67508 was published for github.com/gardener/gardenctl-v2 (Go) Dec 11, 2025
petersutter donistz
JordanJordanov HeckEK
Credited to petersutter, donistz, JordanJordanov, and HeckEK
quic-go HTTP/3 QPACK Header Expansion DoS Moderate
CVE-2025-64702 was published for github.com/quic-go/quic-go (Go) Dec 11, 2025
sfoxio
Credited to sfoxio
PowerJob has a server-side request forgery vulnerability in PingPongUtils.java Moderate
CVE-2025-14518 was published for tech.powerjob:powerjob-common (Maven) Dec 11, 2025
Improper Validation of Query Parameters in Auth0 Next.js SDK Low
CVE-2025-67716 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec
Credited to MegaManSec
Race condition in the Okta Java SDK High
CVE-2025-67505 was published for com.okta.sdk:okta-sdk-root (Maven) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality High
CVE-2025-34429 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality Moderate
CVE-2025-34430 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
Improper Request Caching Lookup in the Auth0 Next.js SDK Moderate
CVE-2025-67490 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec
Credited to MegaManSec
Improper Memory Cleanup in the Okta Java SDK Moderate
CVE-2025-66033 was published for com.okta.sdk:okta-sdk-root (Maven) Dec 10, 2025
pyckle
Credited to pyckle
Pyrofork has a Path Traversal in download_media Method Moderate
CVE-2025-67720 was published for pyrofork (pip) Dec 10, 2025
yueyueL
Credited to yueyueL
Formio improperly authorized permission elevation through specially crafted request path High
CVE-2025-67718 was published for formio (npm) Dec 10, 2025
Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability Moderate
CVE-2025-67643 was published for org.jenkinsci.plugins:pipeline-reporter-by-redpen (Maven) Dec 10, 2025
Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials Moderate
CVE-2025-67642 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Dec 10, 2025
Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability High
CVE-2025-67641 was published for io.jenkins.plugins:coverage (Maven) Dec 10, 2025
Algernon Cross-Site Scripting vulnerability Moderate
CVE-2025-65754 was published for github.com/xyproto/algernon (Go) Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database