GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
23,948 advisories
Filter by severity
Spring Security annotation detection mechanism has authorization bypass
High
CVE-2025-41248
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 16, 2025
Spring Framework annotation detection mechanism may result in improper authorization
High
CVE-2025-41249
was published
for
org.springframework:spring-core
(Maven)
Sep 16, 2025
Openfire has potential identity spoofing issue via unsafe CN parsing
Moderate
CVE-2025-59154
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Sep 16, 2025
Liferay Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-43802
was published
for
com.liferay.workspace:com.liferay.ticket.workspace
(Maven)
Sep 16, 2025
Liferay has Insecure Default Initialization of Resource issue
Moderate
CVE-2025-43797
was published
for
com.liferay:com.liferay.site.admin.web
(Maven)
Sep 16, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59331
was published
for
is-arrayish
(npm)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59330
was published
for
error-ex
(npm)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59162
was published
for
color-convert
(npm)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59145
was published
for
color-name
(npm)
Sep 15, 2025
Liferay DXP Missing Critical Step in Authentication
Low
CVE-2025-43798
was published
for
com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web
(Maven)
Sep 15, 2025
Liferay Portal Uses Default Password
Moderate
CVE-2025-43799
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Sep 15, 2025
Liferay Portal Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2025-43800
was published
for
com.liferay:com.liferay.dynamic.data.mapping.form.field.type
(Maven)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59144
was published
for
debug
(npm)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59143
was published
for
color
(npm)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59142
was published
for
color-string
(npm)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59141
was published
for
simple-swizzle
(npm)
Sep 15, 2025
[email protected] contains malware after npm account takeover
High
CVE-2025-59140
was published
for
backslash
(npm)
Sep 15, 2025
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2025-59155
was published
for
hackmd-mcp
(npm)
Sep 15, 2025
Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark
Moderate
CVE-2025-9862
was published
for
ghost
(npm)
Sep 15, 2025
Flowise has unsandboxed remote code execution via Custom MCP
High
GHSA-6933-jpx5-q87q
was published
for
flowise
(npm)
Sep 15, 2025
Flowise has arbitrary file access due to missing chat flow id validation
Critical
GHSA-q67q-549q-p849
was published
for
flowise
(npm)
Sep 15, 2025
Flowise has an Arbitrary File Read
Critical
GHSA-99pg-hqvx-r4gf
was published
for
flowise
(npm)
Sep 15, 2025
Flowise has Remote Code Execution vulnerability
Critical
GHSA-3gcm-f6qx-ff7p
was published
for
flowise
(npm)
Sep 15, 2025
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
High
GHSA-hr92-4q35-4j3m
was published
for
flowise
(npm)
Sep 15, 2025
FlowiseAI Pre-Auth Arbitrary Code Execution
Critical
GHSA-7944-7c6r-55vv
was published
for
flowise
(npm)
Sep 15, 2025
ProTip!
Advisories are also available from the
GraphQL API