Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

33,225 advisories

Loading
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee Credited to LianKee
jackson-core can throw a StackoverflowError when processing deeply nested data High
CVE-2025-52999 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 27, 2025
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser/v2 (Go) Jun 27, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
filebrowser allows Stored Cross-Site Scripting through the Markdown preview function High
CVE-2025-52902 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
filebrowser Sets Insecure File Permissions Moderate
CVE-2025-52900 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig Credited to mtausig and hacdias hacdias hacdias
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub Credited to tatianahub
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components Low
CVE-2025-6736 was published for juzaweb/cms (Composer) Jun 27, 2025
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component Low
CVE-2025-6735 was published for juzaweb/cms (Composer) Jun 27, 2025
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2025-5731 was published for org.infinispan:infinispan-cli-client (Maven) Jun 27, 2025
Magento Authenticated Security feature bypass Low
CVE-2025-49549 was published for magento/community-edition (Composer) Jun 26, 2025
Magento Security feature bypass Moderate
CVE-2025-49550 was published for magento/community-edition (Composer) Jun 26, 2025
Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Moderate
CVE-2025-6442 was published for webrick (RubyGems) Jun 26, 2025
Vault Community Edition rekey and recovery key operations can cause denial of service Low
CVE-2025-4656 was published for github.com/hashicorp/vault (Go) Jun 26, 2025
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator Critical
CVE-2025-50213 was published for apache-airflow-providers-snowflake (pip) Jun 26, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao (Go) Jun 26, 2025
cipherboy Credited to cipherboy
OpenBao Inserts Sensitive Information into Log File when processing malformed data Moderate
CVE-2025-52893 was published for github.com/openbao/openbao/sdk/v2 (Go) Jun 26, 2025
cipherboy Credited to cipherboy
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal Credited to lirantal
Incus creates nftables rules that partially bypass security options High
CVE-2025-52890 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obalpetre-anssi Credited to obalpetre-anssi and stgraber stgraber stgraber
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obalpetre-anssi Credited to obalpetre-anssi and stgraber stgraber stgraber
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens High
CVE-2025-52477 was published for github.com/octo-sts/app (Go) Jun 26, 2025
vicevirus Credited to vicevirus, cpanato, mgreau, and eslerm cpanato cpanato
mgreau mgreau eslerm eslerm
Xuxueli XXL-SSO Cross-site Scripting vulnerability Low
CVE-2025-6700 was published for com.xuxueli:xxl-sso (Maven) Jun 26, 2025
XXL SSO is vulnerable to an Open Redirect through malicious manipulation of the redirect_url argument Low
CVE-2025-6701 was published for com.xuxueli:xxl-sso (Maven) Jun 26, 2025
Gogs XSS allowed by stored call in PDF renderer Moderate
CVE-2025-47943 was published for github.com/gogs/gogs (Go) Jun 26, 2025
edoardottt Credited to edoardottt
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
Podman Improper Certificate Validation; machine missing TLS verification High
CVE-2025-6032 was published for github.com/containers/podman/v4 (Go) Jun 25, 2025
Luap99 Credited to Luap99
ProTip! Advisories are also available from the GraphQL API