GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
33,218 advisories
Filter by severity
File Browser vulnerable to insecure password handling
Moderate
CVE-2025-52997
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
File Browser's password protection of links is bypassable
Low
CVE-2025-52996
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
File Browser vulnerable to command execution allowlist bypass
High
CVE-2025-52995
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
File Browser: Command Execution not Limited to Scope
High
CVE-2025-52904
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jun 30, 2025
File Browser allows sensitive data to be transferred in URL
Moderate
CVE-2025-52901
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
tiny-secp256k1 allows for verify() bypass when running in bundled environment
High
CVE-2024-49365
was published
for
tiny-secp256k1
(npm)
Jun 30, 2025
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment
High
CVE-2024-49364
was published
for
tiny-secp256k1
(npm)
Jun 30, 2025
Langchain-Chatchat vulnerable to path traversal
Low
CVE-2025-6855
was published
for
langchain-chatchat
(pip)
Jun 29, 2025
Langchain-Chatchat vulnerable to path traversal
Low
CVE-2025-6854
was published
for
langchain-chatchat
(pip)
Jun 29, 2025
Langchain-Chatchat has a Path Traversal vulnerability
Low
CVE-2025-6853
was published
for
langchain-chatchat
(pip)
Jun 29, 2025
akka-cluster-metrics uses Java serialization for cluster metrics
Moderate
CVE-2025-53393
was published
for
com.typesafe.akka:akka-cluster-metrics_2.13
(Maven)
Jun 29, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data
Low
CVE-2025-32897
was published
for
org.apache.seata:seata-config-core
(Maven)
Jun 28, 2025
Taylor has race condition in /get-patch that allows purchase token replay
Low
GHSA-vh5j-5fhq-9xwg
was published
for
taylored
(npm)
Jun 27, 2025
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir
Moderate
CVE-2025-6773
was published
for
lightrag-hku
(pip)
Jun 27, 2025
TabberNeue vulnerable to Stored XSS through wikitext
High
CVE-2025-53093
was published
for
starcitizentools/tabber-neue
(Composer)
Jun 27, 2025
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
High
CVE-2024-54000
was published
for
mobsf
(pip)
Jun 27, 2025
mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Moderate
GHSA-fv92-fjc5-jj9h
was published
for
github.com/go-viper/mapstructure/v2
(Go)
Jun 27, 2025
raspap-webgui has a Directory Traversal vulnerability
High
CVE-2025-44163
was published
for
billz/raspap-webgui
(Composer)
Jun 27, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards
High
CVE-2025-53002
was published
for
llamafactory
(pip)
Jun 27, 2025
jackson-core can throw a StackoverflowError when processing deeply nested data
High
CVE-2025-52999
was published
for
com.fasterxml.jackson.core:jackson-core
(Maven)
Jun 27, 2025
filebrowser Allows Shell Commands to Spawn Other Commands
High
CVE-2025-52903
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jun 27, 2025
filebrowser allows Stored Cross-Site Scripting through the Markdown preview function
High
CVE-2025-52902
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 27, 2025
filebrowser Sets Insecure File Permissions
Moderate
CVE-2025-52900
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 27, 2025
n8n allows open redirects via the /signin endpoint
Moderate
CVE-2025-49592
was published
for
n8n
(npm)
Jun 27, 2025
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components
Low
CVE-2025-6736
was published
for
juzaweb/cms
(Composer)
Jun 27, 2025
ProTip!
Advisories are also available from the
GraphQL API