Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,111 advisories

Loading
lsFusion Platform has Path Traversal vulnerability Moderate
CVE-2025-13262 was published for lsfusion.platform:web-client (Maven) Nov 17, 2025
vlife-base has Path Traversal vulnerability Moderate
CVE-2025-13266 was published for io.github.wwwlike:vlife-base (Maven) Nov 17, 2025
lsFusion Platform has Path Traversal vulnerability Moderate
CVE-2025-13261 was published for lsfusion.platform:web-client (Maven) Nov 17, 2025
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance High
GHSA-7xw4-g7mm-r4hh was published for software.amazon.jdbc:aws-advanced-jdbc-wrapper (Maven) Nov 13, 2025
Keycloak allows Binding to an Unrestricted IP Address Moderate
CVE-2025-11538 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 13, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
Jean-Eudes
Credited to Jean-Eudes
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection High
CVE-2025-64518 was published for org.cyclonedx:cyclonedx-core-java (Maven) Nov 10, 2025
nscuro BrightKn1ght
Credited to nscuro and BrightKn1ght
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks Moderate
CVE-2025-10713 was published for org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven) Nov 5, 2025
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234
Credited to Marcono1234
Liferay Portal and DXP do not check permissions of images in a blog entry Moderate
CVE-2025-62275 was published for com.liferay:com.liferay.blogs.item.selector.web (Maven) Nov 1, 2025
Liferay Portal and DXP use an incorrect cache-control header Moderate
CVE-2025-62276 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Nov 1, 2025
Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page Moderate
CVE-2025-62267 was published for com.liferay:com.liferay.dynamic.data.mapping.item.selector.web (Maven) Oct 31, 2025
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter Moderate
CVE-2025-62264 was published for com.liferay.portal:release.portal.bom (Maven) Oct 31, 2025
Liferay Portal is vulnerable to XSS in the Blogs widget Moderate
CVE-2025-62265 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Liferay Portal is vulnerable to DNS rebinding attacks Moderate
CVE-2025-62266 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Liferay Portal vulnerable to password enumeration Moderate
CVE-2025-62257 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check Moderate
CVE-2025-64149 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64148 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form Moderate
CVE-2025-64147 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64150 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins JDepend Plugin vulnerable to XML external entity attacks High
CVE-2025-64134 was published for org.jenkins-ci.plugins:jdepend (Maven) Oct 29, 2025
Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64138 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Jenkins Start Windocks Containers Plugin is missing a permission check Moderate
CVE-2025-64139 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files Moderate
CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files Moderate
CVE-2025-64143 was published for com.openshift.jenkins:openshift-pipeline (Maven) Oct 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database