Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

33,218 advisories

Loading
File Browser vulnerable to insecure password handling Moderate
CVE-2025-52997 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
File Browser's password protection of links is bypassable Low
CVE-2025-52996 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
File Browser vulnerable to command execution allowlist bypass High
CVE-2025-52995 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
File Browser: Command Execution not Limited to Scope High
CVE-2025-52904 was published for github.com/filebrowser/filebrowser/v2 (Go) Jun 30, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
File Browser allows sensitive data to be transferred in URL Moderate
CVE-2025-52901 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
tiny-secp256k1 allows for verify() bypass when running in bundled environment High
CVE-2024-49365 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR Credited to ChALkeR and jprichardson jprichardson jprichardson
ChALkeR Credited to ChALkeR
Langchain-Chatchat vulnerable to path traversal Low
CVE-2025-6855 was published for langchain-chatchat (pip) Jun 29, 2025
Langchain-Chatchat vulnerable to path traversal Low
CVE-2025-6854 was published for langchain-chatchat (pip) Jun 29, 2025
Langchain-Chatchat has a Path Traversal vulnerability Low
CVE-2025-6853 was published for langchain-chatchat (pip) Jun 29, 2025
akka-cluster-metrics uses Java serialization for cluster metrics Moderate
CVE-2025-53393 was published for com.typesafe.akka:akka-cluster-metrics_2.13 (Maven) Jun 29, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Low
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd Credited to oscerd and raboof raboof raboof
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
snyff Credited to snyff
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate
CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev Credited to SomeMWDev
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter High
CVE-2024-54000 was published for mobsf (pip) Jun 27, 2025
bulutenes Credited to bulutenes and aydinnyunus aydinnyunus aydinnyunus
mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-fv92-fjc5-jj9h was published for github.com/go-viper/mapstructure/v2 (Go) Jun 27, 2025
cipherboy Credited to cipherboy
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee Credited to LianKee
jackson-core can throw a StackoverflowError when processing deeply nested data High
CVE-2025-52999 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 27, 2025
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser/v2 (Go) Jun 27, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
filebrowser allows Stored Cross-Site Scripting through the Markdown preview function High
CVE-2025-52902 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
filebrowser Sets Insecure File Permissions Moderate
CVE-2025-52900 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub Credited to tatianahub
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components Low
CVE-2025-6736 was published for juzaweb/cms (Composer) Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API