GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11,092 advisories
Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Moderate
CVE-2025-66312
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
Moderate
CVE-2025-66311
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav Exposes Password Hashes Leading to privilege escalation
Moderate
CVE-2025-66304
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is vulnerable to a DOS on the admin panel
Moderate
CVE-2025-66303
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Werkzeug safe_join() allows Windows special device names
Moderate
CVE-2025-66221
was published
for
werkzeug
(pip)
Dec 2, 2025
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Moderate
CVE-2025-66034
was published
for
fonttools
(pip)
Dec 1, 2025
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic
Moderate
CVE-2025-64715
was published
for
Ciliumgithub.com/cilium/cilium
(Go)
Dec 1, 2025
Apache SkyWalking has a stored XSS vulnerability
Moderate
CVE-2025-54057
was published
for
org.apache.skywalking:apm-webapp
(Maven)
Nov 27, 2025
willitmerge has a Command Injection vulnerability
Moderate
CVE-2025-66219
was published
for
willitmerge
(npm)
Nov 26, 2025
node-forge is vulnerable to ASN.1 OID Integer Truncation
Moderate
CVE-2025-66030
was published
for
node-forge
(npm)
Nov 26, 2025
ProTip!
Advisories are also available from the
GraphQL API