Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,846
Erlang
36
GitHub Actions
33
Go
2,467
Maven
5,000+
npm
4,090
NuGet
733
pip
3,907
Pub
12
RubyGems
944
Rust
1,011
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,662 advisories

Loading
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename Low
CVE-2025-53014 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip iwashiira
utshina on-keyday
ImageMagick has a Stack Buffer Overflow in image.c High
CVE-2025-53101 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip YutoIn
iwashiira utshina
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) High
CVE-2025-26467 was published for org.apache.cassandra:cassandra-all (Maven) Aug 25, 2025
Adminer PHP Object Injection issue leads to Denial of Service High
CVE-2025-43960 was published for vrana/adminer (Composer) Aug 25, 2025
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser High
CVE-2025-54370 was published for phpoffice/phpspreadsheet (Composer) Aug 25, 2025
Liferay Portal stored cross-site scripting in text field of the web content structure Moderate
CVE-2025-43765 was published for com.liferay:com.liferay.journal.service (Maven) Aug 23, 2025
Liferay Portal allows unrestricted upload of file in the style books component Moderate
CVE-2025-43766 was published for com.liferay:com.liferay.style.book.web (Maven) Aug 23, 2025
Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet Moderate
CVE-2025-43764 was published for com.liferay:com.liferay.portal.workflow.kaleo.designer.web (Maven) Aug 23, 2025
Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect Moderate
CVE-2025-43767 was published for com.liferay:com.liferay.info.impl (Maven) Aug 23, 2025
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter Moderate
CVE-2025-43770 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Aug 23, 2025
Liferay Portal JSONWS API endpoint shares sensitive information Moderate
CVE-2025-43768 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Aug 23, 2025
Liferay Portal vulnerable to Stored XSS in Components portlet Moderate
CVE-2025-43769 was published for com.liferay:com.liferay.plugins.admin.web (Maven) Aug 23, 2025
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry Moderate
CVE-2025-43758 was published for com.liferay:com.liferay.frontend.js.web (Maven) Aug 22, 2025
Liferay Portal users can upload an unlimited amount of files Moderate
CVE-2025-43762 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Aug 22, 2025
Liferay Portal users are able to add system admin portlets to pages Moderate
CVE-2025-43759 was published for com.liferay:com.liferay.layout.impl (Maven) Aug 22, 2025
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
sunyxedu A7um
XlabAITeam zL1nX
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect Moderate
CVE-2025-43760 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Liferay Portal User Enumeration Vulnerability via the Create Account Page Moderate
CVE-2025-43751 was published for com.liferay:com.liferay.login.web (Maven) Aug 22, 2025
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety Low
GHSA-655h-hg88-5qmf was published for xcb (Rust) Aug 22, 2025
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config Moderate
GHSA-vv6j-3g6g-2pvj was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper Moderate
GHSA-vr7h-p6mm-wpmh was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers Moderate
GHSA-h3qp-7fh3-f8h4 was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run Moderate
GHSA-f745-w6jp-hpxx was published for picklescan (pip) Aug 22, 2025
FredericDT
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression Moderate
GHSA-f4x7-rfwp-v3xw was published for picklescan (pip) Aug 22, 2025
FredericDT
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database