GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,390 advisories
TYPO3 Unverified Password Change for Backend Users
Low
CVE-2025-47938
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 Allows Information Disclosure via DBAL Restriction Handling
Low
CVE-2025-47937
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 CMS Webhooks Server Side Request Forgery
Low
CVE-2025-47936
was published
for
typo3/cms-webhooks
(Composer)
May 20, 2025
LibreNMS stored Cross-site Scripting vulnerability in poller group name
Low
CVE-2025-47931
was published
for
librenms/librenms
(Composer)
May 19, 2025
Vyper's `slice()` may elide side-effects when output length is 0
Low
CVE-2025-47774
was published
for
vyper
(pip)
May 16, 2025
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Low
CVE-2025-47285
was published
for
vyper
(pip)
May 16, 2025
undici Denial of Service attack via bad certificate data
Low
CVE-2025-47279
was published
for
undici
(npm)
May 15, 2025
Next.js Race Condition to Cache Poisoning
Low
CVE-2025-32421
was published
for
next
(npm)
May 15, 2025
Flask uses fallback key instead of current signing key
Low
CVE-2025-47278
was published
for
flask
(pip)
May 13, 2025
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Low
CVE-2025-46718
was published
for
sudo-rs
(Rust)
May 13, 2025
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
Low
CVE-2025-46717
was published
for
sudo-rs
(Rust)
May 13, 2025
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`
Low
CVE-2025-46735
was published
for
github.com/nrkno/terraform-provider-windns
(Go)
May 6, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Low
CVE-2025-46720
was published
for
@keystone-6/core
(npm)
May 5, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
ProTip!
Advisories are also available from the
GraphQL API