GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,778 advisories
Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
Moderate
CVE-2025-34469
was published
for
cowrie
(pip)
Dec 20, 2025
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
Moderate
CVE-2025-68481
was published
for
fastapi-users
(pip)
Dec 19, 2025
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Moderate
CVE-2025-68146
was published
for
filelock
(pip)
Dec 16, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate
CVE-2025-68113
was published
for
altcha
(RubyGems)
Dec 16, 2025
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Moderate
CVE-2025-67715
was published
for
Weblate
(pip)
Dec 15, 2025
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Moderate
CVE-2025-67492
was published
for
Weblate
(pip)
Dec 15, 2025
Pyrofork has a Path Traversal in download_media Method
Moderate
CVE-2025-67720
was published
for
pyrofork
(pip)
Dec 10, 2025
HTTP/HTTPS Traffic Interception Bypass in mad-proxy
Moderate
CVE-2025-67485
was published
for
mad-proxy
(pip)
Dec 9, 2025
Open Redirect Vulnerability in Taguette
Moderate
CVE-2025-67502
was published
for
taguette
(pip)
Dec 9, 2025
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate
CVE-2025-66470
was published
for
nicegui
(pip)
Dec 8, 2025
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate
CVE-2025-66469
was published
for
nicegui
(pip)
Dec 8, 2025
Ansible Community General Collection is vulnerable to exposure of sensitive information
Moderate
CVE-2025-14010
was published
for
ansible
(pip)
Dec 4, 2025
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Moderate
CVE-2025-66454
was published
for
arcade-mcp-server
(pip)
Dec 2, 2025
ProTip!
Advisories are also available from the
GraphQL API