+
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,890
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,217
NuGet
745
pip
3,994
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,162 advisories

Loading
Melis Platform CMS SQL Injection Critical
CVE-2025-10351 was published for melisplatform/melis-cms (Composer) Oct 8, 2025
ivansmc00
Credited to ivansmc00
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page Moderate
CVE-2025-43822 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget Moderate
CVE-2025-43823 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
dellalibera
Credited to dellalibera
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
kexinoh d3do-23
lonelyuan huachenheli DarkLight1337 russellb sidhpurwala-huzaifa
Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities High
CVE-2025-61784 was published for llamafactory (pip) Oct 7, 2025
d3do-23 kexinoh
lonelyuan
Credited to d3do-23, kexinoh, and lonelyuan
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, Isotr0py, and DarkLight1337
Akka.Remote TLS did not properly implement certificate-based authentication Critical
CVE-2025-61778 was published for Akka.Cluster (NuGet) Oct 7, 2025
Aaronontheweb
Credited to Aaronontheweb
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) High
CVE-2025-61772 was published for rack (RubyGems) Oct 7, 2025
kwkr jeremyevans
ioquatix
Credited to kwkr, jeremyevans, and ioquatix
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) High
CVE-2025-61771 was published for rack (RubyGems) Oct 7, 2025
kwkr jeremyevans
ioquatix
Credited to kwkr, jeremyevans, and ioquatix
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) High
CVE-2025-61770 was published for rack (RubyGems) Oct 7, 2025
kwkr ioquatix
jeremyevans
Credited to kwkr, ioquatix, and jeremyevans
vLLM is vulnerable to timing attack at bearer auth High
CVE-2025-59425 was published for vllm (pip) Oct 7, 2025
russellb
Credited to russellb
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
GHSA-mm7p-fcc7-pg87 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments Moderate
CVE-2025-61765 was published for python-socketio (pip) Oct 7, 2025
locus-x64
Credited to locus-x64
pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding High
CVE-2025-11362 was published for pdfmake (npm) Oct 7, 2025
jeran-urban
Credited to jeran-urban
Liferay Profile Widget does not prevent vCard extension spoofing Moderate
CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven) Oct 7, 2025
SillyTavern Web Interface Vulnerable DNS Rebinding Critical
CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025
Atom1cByte
Credited to Atom1cByte
Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion High
CVE-2025-59152 was published for litestar (pip) Oct 6, 2025
crum7 takumi-san-ai
Credited to crum7 and takumi-san-ai
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API Critical
CVE-2025-52472 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Oct 6, 2025
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing High
CVE-2025-6985 was published for langchain-text-splitters (pip) Oct 6, 2025
chaliy
Credited to chaliy
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
Flowise vulnerable to RCE via Dynamic function constructor injection Critical
CVE-2025-55346 was published for flowise (npm) Oct 6, 2025
assaf-levkovich-jf
Credited to assaf-levkovich-jf
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements Low
CVE-2025-11322 was published for novosga/novosga (Composer) Oct 6, 2025
Duplicate Advisory: Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel High
GHSA-7rgr-72hp-9wp3 was published for flowise (npm) Oct 6, 2025 withdrawn
Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot High
GHSA-wq95-wr7m-26h4 was published for flowise (npm) Oct 6, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载