Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,343 advisories

Loading
Navidrome allows an authentication bypass in Subsonic API with non-existent username Moderate
CVE-2025-27112 was published for github.com/navidrome/navidrome (Go) Feb 25, 2025
daniele-athome
DoS in go-jose Parsing Moderate
CVE-2025-27144 was published for github.com/go-jose/go-jose/v4 (Go) Feb 24, 2025
Moodle's feedback response viewing and deletions did not respect Separate Groups mode Moderate
CVE-2025-26526 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block Moderate
CVE-2025-26527 was published for moodle/moodle (Composer) Feb 24, 2025
Phusion Passenger denial of service Moderate
CVE-2025-26803 was published for passenger (RubyGems) Feb 24, 2025
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter Moderate
CVE-2025-27143 was published for better-auth (npm) Feb 24, 2025
sumeet-darekar Shivaraj-Kolekar
Mattermost fails to restrict channel export of archived channels Moderate
CVE-2025-24526 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Solon Path Traversal Moderate
CVE-2025-1584 was published for org.noear:solon-web-staticfiles (Maven) Feb 23, 2025
Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-95j3-435g-vjcp was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent hugo-guzman
Exiv2 allows Use After Free Moderate
CVE-2025-26623 was published for Exiv2 (pip) Feb 21, 2025
Marsman1996
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Leantime has Host Header Injection Vulnerability Moderate
GHSA-99r5-84gr-59f6 was published for leantime/leantime (Composer) Feb 21, 2025
anim-29
lakeFS allows an authenticated user to cause a crash by exhausting server memory Moderate
CVE-2025-27100 was published for github.com/treeverse/lakefs (Go) Feb 21, 2025
arielshaqed ItamarYuran
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package Moderate
CVE-2025-25299 was published for @ckeditor/ckeditor5-real-time-collaboration (npm) Feb 20, 2025
AutoQueryable leaks sensitive information Moderate
CVE-2024-57716 was published for AutoQueryable (NuGet) Feb 20, 2025
Kwik hash collision vulnerability Moderate
CVE-2025-23020 was published for tech.kwik:kwik (Maven) Feb 20, 2025
SSRF in sliver teamserver Moderate
CVE-2025-27090 was published for github.com/bishopfox/sliver (Go) Feb 19, 2025
chebuya
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens Moderate
CVE-2025-26620 was published for Duende.AccessTokenManagement (NuGet) Feb 19, 2025
Directus allows updates to non-allowed fields due to overlapping policies Moderate
CVE-2025-27089 was published for @directus/api (npm) Feb 19, 2025
hanneskuettner
Keycloak allows Incorrect Assignment of an Organization to a User Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database