GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,936 advisories

Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
GHSA-hf6h-9wq7-hmjg was published for picklescan (pip) Sep 17, 2025 withdrawn
Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
GHSA-4vr7-g93g-cf6m was published for picklescan (pip) Sep 17, 2025 withdrawn
Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch Critical
GHSA-j424-mc44-f4hj was published for picklescan (pip) Sep 17, 2025 withdrawn
Liferay search widget vulnerable to Cross-site Scripting Moderate
CVE-2025-43804 was published for com.liferay:com.liferay.portal.search (Maven) Sep 17, 2025
Liferay Portal allows remote attackers to view display page templates via crafted URLs Moderate
CVE-2025-43805 was published for com.liferay:com.liferay.asset.display.page.service (Maven) Sep 17, 2025
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain Moderate
CVE-2025-9708 was published for KubernetesClient (NuGet) Sep 17, 2025
Timing Attack Vulnerability in SCRAM Authentication Moderate
GHSA-3wfh-36rx-9537 was published for com.ongres.scram:scram-common (Maven) Sep 16, 2025
jorsol
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Low
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
@executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode High
CVE-2025-59333 was published for @executeautomation/database-server (npm) Sep 16, 2025
lirantal
Liferay Portal has unchecked input for loop condition vulnerability in XML-RPC Moderate
CVE-2025-43801 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 16, 2025
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux Critical
CVE-2025-41243 was published for org.springframework.cloud:spring-cloud-gateway-server-webflux (Maven) Sep 16, 2025
Podman Creates Temporary File with Insecure Permissions High
CVE-2025-4953 was published for github.com/containers/podman/v5 (Go) Sep 16, 2025
TYPO3 "Form to Database" extension susceptible to Cross-site Scripting Low
CVE-2025-10316 was published for lavitto/typo3-form-to-database (Composer) Sep 16, 2025
Spring Security annotation detection mechanism has authorization bypass High
CVE-2025-41248 was published for org.springframework.security:spring-security-core (Maven) Sep 16, 2025
Spring Framework annotation detection mechanism may result in improper authorization High
CVE-2025-41249 was published for org.springframework:spring-core (Maven) Sep 16, 2025
Openfire has potential identity spoofing issue via unsafe CN parsing Moderate
CVE-2025-59154 was published for org.igniterealtime.openfire:xmppserver (Maven) Sep 16, 2025
onmywaytoheaven
Liferay Stored Cross-site Scripting vulnerability Moderate
CVE-2025-43802 was published for com.liferay.workspace:com.liferay.ticket.workspace (Maven) Sep 16, 2025
Liferay has Insecure Default Initialization of Resource issue Moderate
CVE-2025-43797 was published for com.liferay:com.liferay.site.admin.web (Maven) Sep 16, 2025
is-arrayish@0.3.3 contains malware after npm account takeover High
CVE-2025-59331 was published for is-arrayish (npm) Sep 15, 2025
error-ex@1.3.3 contains malware after npm account takeover High
CVE-2025-59330 was published for error-ex (npm) Sep 15, 2025
color-convert@3.1.1 contains malware after npm account takeover High
CVE-2025-59162 was published for color-convert (npm) Sep 15, 2025
color-name@2.0.1 contains malware after npm account takeover High
CVE-2025-59145 was published for color-name (npm) Sep 15, 2025
Liferay DXP Missing Critical Step in Authentication Low
CVE-2025-43798 was published for com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web (Maven) Sep 15, 2025
Liferay Portal Uses Default Password Moderate
CVE-2025-43799 was published for com.liferay.portal:release.portal.bom (Maven) Sep 15, 2025
Liferay Portal Cross-site Scripting (XSS) vulnerability Moderate
CVE-2025-43800 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025