GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21,432 advisories
Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
High
CVE-2025-27154
was published
for
spotipy
(pip)
Feb 28, 2025
Mautic allows Relative Path Traversal in assets file upload
Moderate
CVE-2022-25773
was published
for
mautic/core
(Composer)
Feb 26, 2025
Mautic allows Improper Authorization in Reporting API
High
CVE-2024-47053
was published
for
mautic/core
(Composer)
Feb 26, 2025
Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Critical
CVE-2024-47051
was published
for
mautic/core
(Composer)
Feb 26, 2025
copyparty renders unsanitized filenames as HTML when user uploads empty files
Low
CVE-2025-27145
was published
for
copyparty
(pip)
Feb 26, 2025
io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout
High
CVE-2025-1634
was published
for
io.quarkus:quarkus-resteasy
(Maven)
Feb 26, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
High
CVE-2025-27108
was published
for
dom-expressions
(npm)
Feb 25, 2025
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
High
CVE-2025-27109
was published
for
solid-js
(npm)
Feb 25, 2025
Navidrome allows an authentication bypass in Subsonic API with non-existent username
Moderate
CVE-2025-27112
was published
for
github.com/navidrome/navidrome
(Go)
Feb 25, 2025
LTI JupyterHub Authenticator does not properly validate JWT Signature
Critical
CVE-2023-25574
was published
for
jupyterhub-ltiauthenticator
(pip)
Feb 25, 2025
ProTip!
Advisories are also available from the
GraphQL API