GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,767
Maven: 5,000+
npm: 4,374
NuGet: 770
pip: 4,148
Pub: 12
RubyGems: 963
Rust: 1,070
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
12,919 advisories
Mattermost Desktop App exposes sensitive information in its application logs
Low | CVE-2025-13321 was published for mattermost-desktop (npm) | Dec 17, 2025
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows...
Low | Unreviewed | CVE-2025-65185 was published | Dec 17, 2025
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf...
Low | Unreviewed | CVE-2025-14266 was published | Dec 17, 2025
Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection
Low | CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) | Dec 17, 2025
Mattermost has missing redirect URL validation
Low | CVE-2025-62690 was published for github.com/mattermost/mattermost (Go) | Dec 17, 2025
PyMdown Extensions has a ReDOS bug in its Figure Capture extension
Low | CVE-2025-68142 was published for pymdown-extensions (pip) | Dec 16, 2025
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG...
Low | Unreviewed | CVE-2023-53900 was published | Dec 16, 2025
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows...
Low | Unreviewed | CVE-2023-53899 was published | Dec 16, 2025
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Low | Unreviewed | CVE-2025-68164 was published | Dec 16, 2025
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project...
Low | Unreviewed | CVE-2025-68162 was published | Dec 16, 2025
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
Low | Unreviewed | CVE-2025-68163 was published | Dec 16, 2025
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc...
Low | Unreviewed | CVE-2025-54004 was published | Dec 16, 2025
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option...
Low | Unreviewed | CVE-2025-49300 was published | Dec 16, 2025
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The...
Low | Unreviewed | CVE-2025-55703 was published | Dec 15, 2025
Weblate has improper validation upon invitation acceptance
Low | CVE-2025-64725 was published for Weblate (pip) | Dec 15, 2025
An Authentication Bypass vulnerability existed where the application bundled an interpreter ...
Low | Unreviewed | CVE-2025-14714 was published | Dec 15, 2025
LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app...
Low | Unreviewed | CVE-2025-14019 was published | Dec 15, 2025
LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the...
Low | Unreviewed | CVE-2025-14023 was published | Dec 15, 2025
Mayan EDMS has an Open Redirect through the /authentication/ file
Low | CVE-2025-14692 was published for mayan-edms (pip) | Dec 15, 2025
Mayan EDMS is vulnerable to XSS through the /authentication/ file
Low | CVE-2025-14691 was published for mayan-edms (pip) | Dec 15, 2025
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by...
Low | Unreviewed | CVE-2025-67899 was published | Dec 15, 2025
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to...
Low | Unreviewed | CVE-2025-9218 was published | Dec 13, 2025
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this...
Low | Unreviewed | CVE-2025-14606 was published | Dec 13, 2025
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in...
Low | Unreviewed | CVE-2025-43532 was published | Dec 12, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation....
Low | Unreviewed | CVE-2025-43465 was published | Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API