Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,264 advisories

Loading
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser High
GHSA-xffm-g5w8-qvg7 was published for @eslint/plugin-kit (npm) Jul 18, 2025
ericcornelissen
melange's world-writable permissions expose SBOM files to potential image tampering Moderate
CVE-2025-54059 was published for chainguard.dev/melange (Go) Jul 18, 2025
markusboehme egibs
codyharris-h2o-ai
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files High
CVE-2025-53945 was published for chainguard.dev/apko (Go) Jul 18, 2025
vishal-chdhry codyharris-h2o-ai
Wasmtime CLI is vulnerable to host panic through its fd_renumber function Low
CVE-2025-53901 was published for wasmtime (Rust) Jul 18, 2025
hatoo rvolosatovs
golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability High
CVE-2025-22868 was published for golang.org/x/oauth2 (Go) Jul 18, 2025
Filemanager is vulnerable to Relative Path Traversal through filemanager.php Moderate
CVE-2025-46002 was published for simogeo/filemanager (Composer) Jul 18, 2025
Keycloak is vulnerable to bad actors escalating privileges through its Fine-Grained Admin Permissions Moderate
CVE-2025-7784 was published for org.keycloak:keycloak-services (Maven) Jul 18, 2025
XXL-JOB is vulnerable to SSRF attacks Low
CVE-2025-7787 was published for com.xuxueli:xxl-job-core (Maven) Jul 18, 2025
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Mattermost Path Traversal vulnerability Moderate
CVE-2025-6233 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Mattermost Missing Authentication for Critical Function Moderate
CVE-2025-6226 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Grafana is vulnerable to XSS attacks through open redirects and path traversal High
CVE-2025-6023 was published for github.com/grafana/grafana (Go) Jul 18, 2025
on-headers is vulnerable to http response header manipulation Low
CVE-2025-7339 was published for on-headers (npm) Jul 17, 2025
ctcpip SPodjasek
UlisesGascon sheplu Zen-cronic
Multer vulnerable to Denial of Service via unhandled exception from malformed request High
CVE-2025-7338 was published for multer (npm) Jul 17, 2025
ctcpip UlisesGascon
LinusU
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
DiracX-Web is vulnerable to attack through an Open Redirect on its login page Moderate
CVE-2025-54066 was published for @dirac-grid/diracx-web-components (npm) Jul 17, 2025
Robin-Van-de-Merghel
Grafana's insecure DingDing Alert integration exposes sensitive information Moderate
CVE-2025-3415 was published for github.com/grafana/grafana (Go) Jul 17, 2025
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes Moderate
CVE-2025-53892 was published for @intlify/core (npm) Jul 16, 2025
luoingly
File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing High
CVE-2025-53893 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs High
GHSA-7mcq-f592-pf7v was published for slice-deque (Rust) Jul 16, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints High
CVE-2024-9408 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications Moderate
CVE-2024-10031 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
ProTip! Advisories are also available from the GraphQL API