这是indexloc提供的服务,不要输入任何密码
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,811
Erlang
36
GitHub Actions
32
Go
2,396
Maven
5,000+
npm
4,033
NuGet
721
pip
3,824
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

23,264 advisories

Loading
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High
CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025
thevilledev
Powermail extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025
Femanager extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write High
CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025
odaysec
HAX CMS application pages vulnerable to clickjacking Moderate
CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025
lfgberg odransfield
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE High
CVE-2025-54138 was published for librenms/librenms (Composer) Jul 21, 2025
skraft9
NodeJS version of the HAX CMS application is distributed with Default Secrets High
CVE-2025-54137 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
lfgberg asareynolds
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting High
CVE-2025-54128 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access Critical
CVE-2025-54127 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Nokogiri patches vendored libxml2 to resolve multiple CVEs Critical
GHSA-353f-x4gh-cqq8 was published for nokogiri (RubyGems) Jul 21, 2025
Starlette has possible denial-of-service vector when parsing large files in multipart forms Moderate
CVE-2025-54121 was published for starlette (pip) Jul 21, 2025
HonakerM defnull
wai25
Dolibarr has Remote Code Execution Vulnerability (Bypass) High
GHSA-49xw-hw94-fmv2 was published for dolibarr/dolibarr (Composer) Jul 21, 2025
wh0amitz
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs High
GHSA-c5qx-p38x-qf5w was published for RageAgainstThePixel/setup-steamcmd (GitHub Actions) Jul 21, 2025
BrknRobot
buildalon/setup-steamcmd leaked authentication token in job output logs High
GHSA-mj96-mh85-r574 was published for buildalon/setup-steamcmd (GitHub Actions) Jul 21, 2025
BrknRobot
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
vintagesucks
form-data uses unsafe random function in form-data for choosing boundary Critical
CVE-2025-7783 was published for form-data (npm) Jul 21, 2025
benweissmann ljharb
Alchemy Non-SMA and Webauthn Account Security Advisory High
GHSA-56r6-ccm5-8hg3 was published for @account-kit/smart-contracts (npm) Jul 21, 2025
carlos-cow
@translated/lara-mcp vulnerable to command injection in import_tmx tool High
CVE-2025-53832 was published for @translated/lara-mcp (npm) Jul 21, 2025
dellalibera
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access High
CVE-2025-50151 was published for org.apache.jena:jena (Maven) Jul 21, 2025
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025
Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering High
CVE-2025-54075 was published for @nuxtjs/mdc (npm) Jul 20, 2025
Vozec
Thor can construct an unsafe shell command from library input. Low
CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025
eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code High
CVE-2025-54313 was published for @pkgr/core (npm) Jul 19, 2025
Pradoxzon
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database