Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,874
Erlang
37
GitHub Actions
36
Go
2,520
Maven
5,000+
npm
4,160
NuGet
741
pip
3,961
Pub
12
RubyGems
946
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,974 advisories

Loading
Openfire has potential identity spoofing issue via unsafe CN parsing Moderate
CVE-2025-59154 was published for org.igniterealtime.openfire:xmppserver (Maven) Sep 16, 2025
onmywaytoheaven
Liferay has Insecure Default Initialization of Resource issue Moderate
CVE-2025-43797 was published for com.liferay:com.liferay.site.admin.web (Maven) Sep 16, 2025
Liferay Stored Cross-site Scripting vulnerability Moderate
CVE-2025-43802 was published for com.liferay.workspace:com.liferay.ticket.workspace (Maven) Sep 16, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59331 was published for is-arrayish (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59330 was published for error-ex (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59162 was published for color-convert (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59145 was published for color-name (npm) Sep 15, 2025
Liferay DXP Missing Critical Step in Authentication Low
CVE-2025-43798 was published for com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web (Maven) Sep 15, 2025
Liferay Portal Uses Default Password Moderate
CVE-2025-43799 was published for com.liferay.portal:release.portal.bom (Maven) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59144 was published for debug (npm) Sep 15, 2025
Liferay Portal Cross-site Scripting (XSS) vulnerability Moderate
CVE-2025-43800 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59143 was published for color (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59142 was published for color-string (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59141 was published for simple-swizzle (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59140 was published for backslash (npm) Sep 15, 2025
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-59155 was published for hackmd-mcp (npm) Sep 15, 2025
yuna0x0
Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark Moderate
CVE-2025-9862 was published for ghost (npm) Sep 15, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Flowise has arbitrary file access due to missing chat flow id validation Critical
GHSA-q67q-549q-p849 was published for flowise (npm) Sep 15, 2025
rpie9
Flowise has an Arbitrary File Read Critical
GHSA-99pg-hqvx-r4gf was published for flowise (npm) Sep 15, 2025
dwbzn
Flowise has Remote Code Execution vulnerability Critical
CVE-2025-59528 was published for flowise (npm) Sep 15, 2025
im-soohyun
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability High
CVE-2025-59527 was published for flowise (npm) Sep 15, 2025
im-soohyun
FlowiseAI Pre-Auth Arbitrary Code Execution Critical
GHSA-7944-7c6r-55vv was published for flowise (npm) Sep 15, 2025
Dipper37701
Liferay Portal vulnerable to Cross-site Scripting Moderate
CVE-2025-43791 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025
Liferay Portal has External Control of System or Configuration Settings Low
CVE-2025-43792 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Sep 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database