GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,271 advisories

Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)
Severity: Moderate
CVE-2025-69211 was published for @nestjs/platform-fastify (npm) Dec 30, 2025

phpMyFAQ has unauthenticated config backup download via /api/setup/backup
Severity: High
CVE-2025-69200 was published for thorsten/phpmyfaq (Composer) Dec 30, 2025
Credited to eclipse07077-ljw

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter
Severity: High
GHSA-46h3-79wf-xr6c was published for picklescan (pip) Dec 30, 2025
Credited to CoolwindHF

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller
Severity: High
GHSA-955r-x9j8-7rhh was published for picklescan (pip) Dec 30, 2025
Credited to CoolwindHF

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Severity: Moderate
GHSA-6556-fwc2-fg2p was published for picklescan (pip) Dec 30, 2025
Credited to ac0d3r and Lyutoon

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef
Severity: High
GHSA-rrxm-2pvv-m66x was published for picklescan (pip) Dec 30, 2025
Credited to ac0d3r and Lyutoon

Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host”
Severity: Low
GHSA-mgr9-6c2j-jxrq was published for pterodactyl/panel (Composer) Dec 30, 2025
Credited to 4rdr

Visual Studio Code Go extension has unexpected untrusted code execution
Severity: Moderate
CVE-2025-68120 was published for github.com/golang/vscode-go (Go) Dec 30, 2025

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Severity: Moderate
GHSA-cffc-mxrf-mhh4 was published for picklescan (pip) Dec 29, 2025
Credited to CoolwindHF

phpMyFAQ has Stored XSS in user list via admin-managed display_name
Severity: Moderate
CVE-2025-68951 was published for thorsten/phpmyfaq (Composer) Dec 29, 2025
Credited to eclipse07077-ljw

hemmelig allows SSRF Filter bypass via Secret Request functionality
Severity: Moderate
CVE-2025-69206 was published for hemmelig (npm) Dec 29, 2025
Credited to Alakinnn

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval
Severity: High
GHSA-3329-ghmp-jmv5 was published for picklescan (pip) Dec 29, 2025
Credited to CoolwindHF

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
Severity: High
GHSA-r8g5-cgf2-4m4m was published for picklescan (pip) Dec 29, 2025
Credited to CoolwindHF

Picklescan Bypasses Unsafe Globals Check using pty.spawn
Severity: High
GHSA-hgrh-qx5j-jfwx was published for picklescan (pip) Dec 29, 2025
Credited to yarienkiva

Picklescan missing detection when calling pty.spawn
Severity: High
GHSA-vqmv-47xg-9wpr was published for picklescan (pip) Dec 29, 2025
Credited to geo-lit and 0x00nier

Picklescan has Incomplete List of Disallowed Inputs
Severity: High
GHSA-84r2-jw7c-4r5q was published for picklescan (pip) Dec 29, 2025
Credited to 0x-Apollyon

Picklescan does not block ctypes
Severity: High
GHSA-4675-36f9-wf6r was published for picklescan (pip) Dec 29, 2025
Credited to 0x-Apollyon

Picklescan vulnerable to Arbitrary File Writing
Severity: High
GHSA-m273-6v24-x4m4 was published for picklescan (pip) Dec 29, 2025
Credited to 0x-Apollyon

SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key
Severity: Low
CVE-2025-15107 was published for github.com/actiontech/sqle (Go) Dec 27, 2025

FastMCP updated to MCP 1.23+ due to CVE-2025-66416
Severity: High
GHSA-rcfx-77hg-w2wv was published for fastmcp (pip) Dec 26, 2025
Credited to phvalguima

ruint affected by unsoundness of safe `reciprocal_mg10`
Severity: Moderate
GHSA-9fjq-45qv-pcm7 was published for ruint (Rust) Dec 26, 2025

Croogo CMS has a path traversal vulnerability
Severity: High
CVE-2024-42718 was published for croogo/croogo (Composer) Dec 26, 2025

apidoc-core has a prototype pollution vulnerability
Severity: Critical
CVE-2025-13158 was published for apidoc-core (npm) Dec 26, 2025

Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
Severity: High
CVE-2025-68697 was published for n8n (npm) Dec 26, 2025
Credited to berkdedekarginoglu