GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
305,449 advisories
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule High
CVE-2025-67750 was published for lightning-flow-scanner (npm) Dec 12, 2025
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration High
GHSA-4jmp-x7mh-rgmr was published for github.com/babylonlabs-io/finality-provider (Go) Dec 12, 2025
NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) High
CVE-2025-66001 was published for github.com/neuvector/neuvector (Go) Dec 12, 2025
A vulnerability was identified in kidaze CourseSelectionSystem up to... Moderate Unreviewed
CVE-2025-14565 was published Dec 12, 2025
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the ... Unknown Unreviewed
CVE-2025-67344 was published Dec 12, 2025
A security flaw has been discovered in kidaze CourseSelectionSystem up to... Moderate Unreviewed
CVE-2025-14566 was published Dec 12, 2025
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core... Unknown Unreviewed
CVE-2025-64011 was published Dec 12, 2025
jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability... Unknown Unreviewed
CVE-2025-67341 was published Dec 12, 2025
A weakness has been identified in haxxorsid Stock-Management-System up to... Moderate Unreviewed
CVE-2025-14567 was published Dec 12, 2025
RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu... Unknown Unreviewed
CVE-2025-67342 was published Dec 12, 2025
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows... Low Unreviewed
CVE-2023-29144 was published Dec 12, 2025
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute... Unknown Unreviewed
CVE-2025-65854 was published Dec 12, 2025
In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject... Unknown Unreviewed
CVE-2025-40345 was published Dec 12, 2025
BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their... High Unreviewed
CVE-2025-13733 was published Dec 12, 2025
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the... Unknown Unreviewed
CVE-2025-67819 was published Dec 12, 2025
Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects... Moderate Unreviewed
CVE-2025-12843 was published Dec 12, 2025
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4... High Unreviewed
CVE-2025-65530 was published Dec 12, 2025
Plesk 18.0 has Incorrect Access Control. Unknown Unreviewed
CVE-2025-66430 was published Dec 12, 2025
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data... Unknown Unreviewed
CVE-2025-67818 was published Dec 12, 2025
Apache StreamPark: Use the user’s password as the secret key Vulnerability High
CVE-2025-53960 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up High
GHSA-5j59-xgg2-r9c4 was published for next (npm) Dec 12, 2025
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate
GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Vite Plugin React has a Denial of Service Vulnerability in React Server Components High
GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Denial of Service Vulnerability in React Server Components High
CVE-2025-67779 was published for react-server-dom-parcel (npm) Dec 12, 2025
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient... High Unreviewed
CVE-2025-58770 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API