GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,493 advisories
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical
CVE-2025-55449
was published
for
astrbot
(pip)
Nov 14, 2025
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical
CVE-2024-10082
was published
for
codechecker
(pip)
Nov 6, 2024
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical
CVE-2024-10081
was published
for
codechecker
(pip)
Nov 6, 2024
Flowise is vulnerable to arbitrary file write through its WriteFileTool
Critical
CVE-2025-61913
was published
for
Flowise
(npm)
Oct 9, 2025
Soft Serve is vulnerable to SSRF through its Webhooks
Critical
CVE-2025-64522
was published
for
github.com/charmbracelet/soft-serve
(Go)
Nov 10, 2025
ingress-nginx admission controller RCE escalation
Critical
CVE-2025-1974
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency
Critical
GHSA-6jqf-mv7m-3q7p
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Nov 13, 2025
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
Critical
CVE-2025-12762
was published
for
pgadmin4
(pip)
Nov 13, 2025
@react-native-community/cli has arbitrary OS command injection
Critical
CVE-2025-11953
was published
for
@react-native-community/cli
(npm)
Nov 3, 2025
Apache IoTDB: Deserialization of untrusted Data
Critical
CVE-2025-48459
was published
for
org.apache.iotdb:iotdb-confignode
(Maven)
Sep 24, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical
CVE-2025-54988
was published
for
org.apache.tika:tika-parser-pdf-module
(Maven)
Aug 20, 2025
ProTip!
Advisories are also available from the
GraphQL API