Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,351
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,023 advisories

Filter by severity
All severities
Low
Moderate
High
Critical
Loading
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule High
CVE-2025-67750 was published for lightning-flow-scanner (npm) Dec 12, 2025
RubenHalman
Credited to RubenHalman
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration High
GHSA-4jmp-x7mh-rgmr was published for github.com/babylonlabs-io/finality-provider (Go) Dec 12, 2025
NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) High
CVE-2025-66001 was published for github.com/neuvector/neuvector (Go) Dec 12, 2025
Apache StreamPark: Use the user’s password as the secret key Vulnerability High
CVE-2025-53960 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip High
CVE-2025-67818 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025
Weaviate OSS has path traversal vulnerability via the Shard Movement API High
CVE-2025-67819 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up High
GHSA-5j59-xgg2-r9c4 was published for next (npm) Dec 12, 2025
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate
GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Vite Plugin React has a Denial of Service Vulnerability in React Server Components High
GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Denial of Service Vulnerability in React Server Components High
CVE-2025-67779 was published for react-server-dom-parcel (npm) Dec 12, 2025
Apache StreamPark uses a Weak Encryption Algorithm High
CVE-2025-54981 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025
Apache StreamPark has a hard-coded encryption key High
CVE-2025-54947 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025
Apache HugeGraph-Server: RAFT and deserialization vulnerability High
CVE-2025-26866 was published for org.apache.hugegraph:hg-pd-core (Maven) Dec 12, 2025
FoF Pretty Mail has a server-side template injection vulnerability High
CVE-2024-58303 was published for fof/pretty-mail (Composer) Dec 12, 2025
Next Server Actions Source Code Exposure Moderate
GHSA-w37m-7fhw-fmv9 was published for next (npm) Dec 11, 2025
Next Vulnerable to Denial of Service with Server Components High
GHSA-mwv6-3258-q52c was published for next (npm) Dec 11, 2025
Ry0taK
Credited to Ry0taK
Denial of Service Vulnerability in React Server Components High
CVE-2025-55184 was published for react-server-dom-parcel (npm) Dec 11, 2025
Ry0taK
Credited to Ry0taK
Source Code Exposure Vulnerability in React Server Components Moderate
CVE-2025-55183 was published for react-server-dom-parcel (npm) Dec 11, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
zeropwnCycloctane
Credited to zeropwn and Cycloctane
Servify-express rate limit issue High
CVE-2025-67731 was published for servify-express (npm) Dec 11, 2025
Aarondoran
Credited to Aarondoran
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE Low
CVE-2025-67737 was published for azuracast/azuracast (Composer) Dec 11, 2025
Cillian-Collins
Credited to Cillian-Collins
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells High
CVE-2025-67508 was published for github.com/gardener/gardenctl-v2 (Go) Dec 11, 2025
petersutterdonistz
JordanJordanovHeckEK
Credited to petersutter, donistz, JordanJordanov, and HeckEK
quic-go HTTP/3 QPACK Header Expansion DoS Moderate
CVE-2025-64702 was published for github.com/quic-go/quic-go (Go) Dec 11, 2025
sfoxio
Credited to sfoxio
PowerJob has a server-side request forgery vulnerability in PingPongUtils.java Moderate
CVE-2025-14518 was published for tech.powerjob:powerjob-common (Maven) Dec 11, 2025
Improper Validation of Query Parameters in Auth0 Next.js SDK Low
CVE-2025-67716 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec
Credited to MegaManSec
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database