Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,762
Maven
5,000+
npm
4,371
NuGet
767
pip
4,141
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,106 advisories

Loading
mcp-server-git has missing path validation when using --repository flag Moderate
CVE-2025-68145 was published for mcp-server-git (pip) Dec 17, 2025
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files Moderate
CVE-2025-68144 was published for mcp-server-git (pip) Dec 17, 2025
Mattermost Desktop App exposes sensitive information in its application logs Low
CVE-2025-13321 was published for mattermost-desktop (npm) Dec 17, 2025
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency Moderate
GHSA-vvg7-8rmq-92g7 was published for auth0/wordpress (Composer) Dec 17, 2025
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK Moderate
GHSA-f3r2-88mq-9v4g was published for auth0/symfony (Composer) Dec 17, 2025
Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency Moderate
GHSA-7hh9-gp72-wh7h was published for auth0/login (Composer) Dec 17, 2025
Auth0-PHP SDK has Improper Audience Validation Moderate
CVE-2025-68129 was published for auth0/auth0-php (Composer) Dec 17, 2025
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations Moderate
CVE-2025-68143 was published for mcp-server-git (pip) Dec 17, 2025
Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component Critical
CVE-2025-67165 was published for pagekit/pagekit (Composer) Dec 17, 2025
Pagekit CMS is vulnerable to OS Command Injection via Storage component Critical
CVE-2025-67164 was published for pagekit/pagekit (Composer) Dec 17, 2025
jose4j is vulnerable to DoS via compressed JWE content High
CVE-2024-29371 was published for org.bitbucket.b_c:jose4j (Maven) Dec 17, 2025
Duplicate Advisory: python-jose denial of service via compressed JWE content Moderate
CVE-2024-29370 was published for python-jose (pip) Dec 17, 2025 withdrawn
Mattermost has missing redirect URL validation Low
CVE-2025-62690 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025
Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection Low
CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context Critical
CVE-2025-67895 was published for apache-airflow-providers-edge3 (pip) Dec 17, 2025
systeminformation has a Command Injection vulnerability in fsSize() function on Windows High
CVE-2025-68154 was published for systeminformation (npm) Dec 16, 2025
yueyueL
Credited to yueyueL
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter High
CVE-2025-68150 was published for parse-server (npm) Dec 16, 2025
yueyueL mtrezza
Credited to yueyueL and mtrezza
Expr has Denial of Service via Unbounded Recursion in Builtin Functions High
CVE-2025-68156 was published for github.com/expr-lang/expr (Go) Dec 16, 2025
thevilledev
Credited to thevilledev
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint High
CVE-2025-68155 was published for @vitejs/plugin-rsc (npm) Dec 16, 2025
yueyueL
Credited to yueyueL
SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference High
CVE-2025-68274 was published for github.com/emiago/sipgo (Go) Dec 16, 2025
sandrogauci
Credited to sandrogauci
Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits High
GHSA-x732-6j76-qmhm was published for better-auth (npm) Dec 16, 2025
goksan
Credited to goksan
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation Moderate
CVE-2025-68146 was published for filelock (pip) Dec 16, 2025
tsigouris007 gaborbernat
Credited to tsigouris007 and gaborbernat
PyMdown Extensions has a ReDOS bug in its Figure Capture extension Low
CVE-2025-68142 was published for pymdown-extensions (pip) Dec 16, 2025
Libredesk has Improper Neutralization of HTML Tags in a Web Page High
GHSA-wh6m-h6f4-rjf4 was published for github.com/abhinavxd/libredesk (Go) Dec 16, 2025
PlayerIUnknown
Credited to PlayerIUnknown
tRPC has possible prototype pollution in `experimental_nextAppDirCaller` High
CVE-2025-68130 was published for @trpc/server (npm) Dec 16, 2025
Pr00fOf3xpl0it
Credited to Pr00fOf3xpl0it
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database