Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,336
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,736 advisories

Loading
CNA Plugins Portmap nftables backend can intercept non-local traffic Moderate
CVE-2025-67499 was published for github.com/containernetworking/plugins (Go) Dec 9, 2025
agusdallalba champtar
Credited to agusdallalba and champtar
SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin High
GHSA-4r66-7rcv-x46x was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 9, 2025
sebastianosrt
Credited to sebastianosrt
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE High
CVE-2025-67488 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 9, 2025
MrRauL124
Credited to MrRauL124
RCE via ZipSlip and symbolic links in argoproj/argo-workflows High
CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025
cristianstaicu meenakshisl
Credited to cristianstaicu and meenakshisl
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond Moderate
GHSA-4rmq-mc2c-r495 was published for github.com/babylonlabs-io/babylon (Go) Dec 9, 2025
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers High
GHSA-m6wq-66p2-c8pc was published for github.com/babylonlabs-io/babylon (Go) Dec 8, 2025
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login High
CVE-2025-67495 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish livio-a
Credited to amit-laish and livio-a
ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login High
GHSA-pfrf-9r5f-73f5 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish livio-a
Credited to amit-laish and livio-a
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login Critical
CVE-2025-67494 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish livio-a
Credited to amit-laish and livio-a
memos vulnerability allows the creation of arbitrary accounts High
CVE-2025-65795 was published for github.com/usememos/memos (Go) Dec 8, 2025
memos lacks file name validation or verification Moderate
CVE-2025-65799 was published for github.com/usememos/memos (Go) Dec 8, 2025
memos vulnerability allows arbitrarily modification or deletion registered identity providers Moderate
CVE-2025-65797 was published for github.com/usememos/memos (Go) Dec 8, 2025
memos vulnerability allows arbitrarily modification or deletion of attachments Moderate
CVE-2025-65798 was published for github.com/usememos/memos (Go) Dec 8, 2025
memos vulnerability allows arbitrarily reactions deletion Moderate
CVE-2025-65796 was published for github.com/usememos/memos (Go) Dec 8, 2025
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
sixcolors
Credited to sixcolors
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers Moderate
CVE-2025-66508 was published for github.com/1Panel-dev/1Panel (Go) Dec 8, 2025
Threonine
Credited to Threonine
1Panel – CAPTCHA Bypass via Client-Controlled Flag High
CVE-2025-66507 was published for github.com/1Panel-dev/1Panel (Go) Dec 8, 2025
aliyevmursal
Credited to aliyevmursal
Traefik Inverted TLS Verification Logic in ingress-nginx Provider Moderate
CVE-2025-66491 was published for github.com/traefik/traefik/v3 (Go) Dec 8, 2025
pavelkohout396
Credited to pavelkohout396
Path Normalization Bypass in Traefik Router + Middleware Rules Moderate
CVE-2025-66490 was published for github.com/traefik/traefik (Go) Dec 8, 2025
ShadoooooW
Credited to ShadoooooW
Sigstore Timestamp Authority allocates excessive memory during request parsing High
CVE-2025-66564 was published for github.com/sigstore/timestamp-authority (Go) Dec 5, 2025
Fulcio allocates excessive memory during token parsing High
CVE-2025-66506 was published for github.com/sigstore/fulcio (Go) Dec 5, 2025
adeinega
Credited to adeinega
Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte Moderate
CVE-2025-66220 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
ggreenway yanavlasov agrawroh
Credited to botengyao, phlax, ggreenway, yanavlasov, and agrawroh
Envoy forwards early CONNECT data in TCP proxy mode Low
CVE-2025-64763 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
yanavlasov agrawroh
Credited to botengyao, phlax, yanavlasov, and agrawroh
Envoy crashes when JWT authentication is configured with the remote JWKS fetching Moderate
CVE-2025-64527 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
agrawroh yanavlasov
Credited to botengyao, phlax, agrawroh, and yanavlasov
Logrus is vulnerable to DoS when using Entry.Writer() High
CVE-2025-65637 was published for github.com/sirupsen/logrus (Go) Dec 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database