Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,872
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,569 advisories

Loading
@musistudio/claude-code-router has improper CORS configuration Low
CVE-2025-57755 was published for @musistudio/claude-code-router (npm) Aug 21, 2025
ttttmr
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request Moderate
CVE-2025-57753 was published for vite-plugin-static-copy (npm) Aug 21, 2025
ikkisoft
sha.js is missing type checks leading to hash rewind and passing on crafted data Critical
CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025
ChALkeR
cipher-base is missing type checks, leading to hash rewind and passing on crafted data Critical
CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025
ChALkeR ljharb
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder High
CVE-2025-9141 was published for vllm (pip) Aug 21, 2025
levigross russellb
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-2464-8j7c-4cjm was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
UnoPim vulnerable to CSRF on Product edit feature and creation of other types Moderate
CVE-2025-55744 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
UnoPim vulnerable to remote code execution through Arbitrary File upload High
CVE-2025-55743 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality High
CVE-2025-55742 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba russellb
taneem-ibrahim
Mattermost Fails to Sanitize Path Traversal Sequences Moderate
CVE-2025-8023 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate File Paths Moderate
CVE-2025-36530 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Server SSRF Vulnerability via the Agents Plugin Low
CVE-2025-47700 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Does Not Sanitize the Team Invite ID Moderate
CVE-2025-47870 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Lack of Access Control Validation Low
CVE-2025-49810 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Properly Validate Team Role Modification Low
CVE-2025-53971 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate Remote Cluster Upload Sessions Moderate
CVE-2025-49222 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
wong2 mcp-cli Command Injection Vulnerability Low
CVE-2025-9262 was published for @wong2/mcp-cli (npm) Aug 21, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF Critical
CVE-2025-54988 was published for org.apache.tika:tika-parser-pdf-module (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter Moderate
CVE-2025-43757 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping Moderate
CVE-2025-43746 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
x402 SDK vulnerable in outdated versions in resource servers for builders High
GHSA-3j63-5h8p-gf7c was published for x402 (npm) Aug 20, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files Moderate
CVE-2025-57749 was published for n8n (npm) Aug 20, 2025
Mahmoud0x00
Directus allows unauthenticated file upload and file modification due to lacking input sanitization Critical
CVE-2025-55746 was published for @directus/api (npm) Aug 20, 2025
r4bbit-r4
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database