GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed 5,000+
Composer 4,885
Erlang 37
GitHub Actions 38
Go 2,546
Maven 5,000+
npm 4,209
NuGet 744
pip 3,987
Pub 12
RubyGems 950
Rust 1,035
Swift 45
Unreviewed advisories
All unreviewed 5,000+
24,128 advisories
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities High
CVE-2025-61784 was published for llamafactory (pip) Oct 7, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
Akka.Remote TLS did not properly implement certificate-based authentication Critical
CVE-2025-61778 was published for Akka.Cluster (NuGet) Oct 7, 2025
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) High
CVE-2025-61772 was published for rack (RubyGems) Oct 7, 2025
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) High
CVE-2025-61771 was published for rack (RubyGems) Oct 7, 2025
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) High
CVE-2025-61770 was published for rack (RubyGems) Oct 7, 2025
vLLM is vulnerable to timing attack at bearer auth High
CVE-2025-59425 was published for vllm (pip) Oct 7, 2025
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
GHSA-mm7p-fcc7-pg87 was published for nodemailer (npm) Oct 7, 2025
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments Moderate
CVE-2025-61765 was published for python-socketio (pip) Oct 7, 2025
pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding High
CVE-2025-11362 was published for pdfmake (npm) Oct 7, 2025
Liferay Profile Widget does not prevent vCard extension spoofing Moderate
CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven) Oct 7, 2025
SillyTavern Web Interface Vulnerable DNS Rebinding Critical
CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025
Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion High
CVE-2025-59152 was published for litestar (pip) Oct 6, 2025
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API Critical
CVE-2025-52472 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Oct 6, 2025
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing High
CVE-2025-6985 was published for langchain-text-splitters (pip) Oct 6, 2025
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
Flowise vulnerable to RCE via Dynamic function constructor injection Critical
CVE-2025-55346 was published for flowise (npm) Oct 6, 2025
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements Low
CVE-2025-11322 was published for novosga/novosga (Composer) Oct 6, 2025
clearml is vulnerable to Path Traversal through its `safe_extract` function Moderate
CVE-2025-8917 was published for clearml (pip) Oct 5, 2025
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class Moderate
CVE-2025-8406 was published for zenml (pip) Oct 5, 2025
Liferay Portal exposes sensitive user data through its Freemarker template Moderate
CVE-2025-43825 was published for com.liferay:com.liferay.portal.template.freemarker (Maven) Oct 4, 2025
Flowise Stored XSS vulnerability through logs in chatbot Moderate
GHSA-7r4h-vmj9-wg42 was published for flowise (npm) Oct 3, 2025
Flowise vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel Critical
GHSA-964p-j4gg-mhwc was published for flowise (npm) Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API