GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,066 advisories
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical
CVE-2025-55449
was published
for
astrbot
(pip)
Nov 14, 2025
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
Critical
CVE-2025-12762
was published
for
pgadmin4
(pip)
Nov 13, 2025
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
High
CVE-2025-64509
was published
for
bugsink
(pip)
Nov 13, 2025
changedetection.io: Stored XSS in Watch update via API
Low
CVE-2025-62780
was published
for
changedetection.io
(pip)
Nov 12, 2025
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
High
GHSA-f83h-ghpp-7wcc
was published
for
pdfminer.six
(pip)
Nov 7, 2025
Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
High
CVE-2025-64512
was published
for
pdfminer.six
(pip)
Nov 7, 2025
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
High
CVE-2025-64496
was published
for
open-webui
(npm)
Nov 7, 2025
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
High
CVE-2025-64495
was published
for
open-webui
(npm)
Nov 7, 2025
Open redirect endpoint in Datasette
Low
CVE-2025-64481
was published
for
datasette
(pip)
Nov 6, 2025
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
High
CVE-2025-64439
was published
for
langgraph-checkpoint
(pip)
Nov 5, 2025
Weblate leaks the IP of project member inviting user to be reviewer in Audit log
Low
CVE-2025-64326
was published
for
weblate
(pip)
Nov 5, 2025
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
Moderate
CVE-2025-58337
was published
for
doris-mcp-server
(pip)
Nov 5, 2025
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Moderate
CVE-2025-64187
was published
for
octoprint
(pip)
Nov 4, 2025
Dosage vulnerable to a Directory Traversal through crafted HTTP responses
High
CVE-2025-64184
was published
for
dosage
(pip)
Nov 4, 2025
motionEye vulnerable to RCE via unsanitized motion config parameter
High
CVE-2025-60787
was published
for
motioneye
(pip)
Nov 3, 2025
ProTip!
Advisories are also available from the
GraphQL API