GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,363 advisories
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
Critical
CVE-2025-54576
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Jul 30, 2025
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
tj-actions/branch-names has a Command Injection Vulnerability
Critical
CVE-2025-54416
was published
for
tj-actions/branch-names
(GitHub Actions)
Jul 25, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Critical
GHSA-75jv-vfxf-3865
was published
for
assemblyline-service-client
(pip)
Jul 25, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Critical
CVE-2025-54127
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jul 21, 2025
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability
Critical
CVE-2025-54082
was published
for
manogi/nova-tiptap
(Composer)
Jul 21, 2025
form-data uses unsafe random function in form-data for choosing boundary
Critical
CVE-2025-7783
was published
for
form-data
(npm)
Jul 21, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA
Critical
CVE-2025-53890
was published
for
pyload-ng
(pip)
Jul 15, 2025
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Critical
CVE-2025-53836
was published
for
org.xwiki.rendering:xwiki-rendering-transformation-macro
(Maven)
Jul 14, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical
CVE-2025-53624
was published
for
docusaurus-plugin-content-gists
(npm)
Jul 9, 2025
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
Critical
CVE-2025-53620
was published
for
@builder.io/qwik-city
(npm)
Jul 9, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data
Critical
CVE-2025-32897
was published
for
org.apache.seata:seata-config-core
(Maven)
Jun 28, 2025
ProTip!
Advisories are also available from the
GraphQL API