Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,766
Maven
5,000+
npm
4,371
NuGet
767
pip
4,144
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Weblate is vulnerable to RCE through Git config file overwrite Critical
CVE-2025-68398 was published for Weblate (pip) Dec 18, 2025
secjson nijel
Credited to secjson and nijel
Weblate has an arbitrary file read via symbolic links High
CVE-2025-68279 was published for Weblate (pip) Dec 18, 2025
secjson nijel
Credited to secjson and nijel
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) Moderate
CVE-2025-67715 was published for Weblate (pip) Dec 15, 2025
naxus-audit nijel
Credited to naxus-audit and nijel
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration Moderate
CVE-2025-67492 was published for Weblate (pip) Dec 15, 2025
naxus-audit nijel
Credited to naxus-audit and nijel
Weblate leaks the IP of project member inviting user to be reviewer in Audit log Low
CVE-2025-64326 was published for weblate (pip) Nov 5, 2025
jermanuts nijel
Credited to jermanuts and nijel
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Moderate
CVE-2025-64716 was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
Python Social Auth - Django has unsafe account association Moderate
CVE-2025-61783 was published for social-auth-app-django (pip) Oct 9, 2025
mel-mason vanya909
nijel
Credited to mel-mason, vanya909, and nijel
Weblate has a long session expiry when verifying second factor Low
CVE-2025-58352 was published for Weblate (pip) Sep 4, 2025
nijel
Credited to nijel
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
Credited to amCap1712 and nijel
Weblate lacks rate limiting when verifying second factor Moderate
CVE-2025-47951 was published for weblate (pip) Jun 16, 2025
nijel obscuredeer
amCap1712
Credited to nijel, obscuredeer, and amCap1712
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext Low
CVE-2025-32021 was published for weblate (pip) Apr 15, 2025
joonashak nijel
gersona
Credited to joonashak, nijel, and gersona
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
bradenmacdonald nijel
Credited to bradenmacdonald and nijel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database