GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
24,787 advisories
Better Auth affected by external request basePath modification DoS
Low
GHSA-569q-mpph-wgww
was published
for
better-auth
(npm)
Dec 1, 2025
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Low
GHSA-rcmh-qjqh-p98v
was published
for
nodemailer
(npm)
Dec 1, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Moderate
CVE-2025-66034
was published
for
fonttools
(pip)
Dec 1, 2025
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic
Moderate
CVE-2025-64715
was published
for
Ciliumgithub.com/cilium/cilium
(Go)
Dec 1, 2025
express improperly controls modification of query properties
Low
CVE-2024-51999
was published
for
express
(npm)
Dec 1, 2025
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
High
CVE-2025-66035
was published
for
@angular/common
(npm)
Nov 26, 2025
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low
GHSA-wmjr-v86c-m9jj
was published
for
better-auth
(npm)
Nov 26, 2025
willitmerge has a Command Injection vulnerability
Moderate
CVE-2025-66219
was published
for
willitmerge
(npm)
Nov 26, 2025
node-forge has ASN.1 Unbounded Recursion
High
CVE-2025-66031
was published
for
node-forge
(npm)
Nov 26, 2025
node-forge is vulnerable to ASN.1 OID Integer Truncation
Moderate
CVE-2025-66030
was published
for
node-forge
(npm)
Nov 26, 2025
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization
High
CVE-2025-12816
was published
for
node-forge
(npm)
Nov 26, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Critical
CVE-2025-62593
was published
for
ray
(pip)
Nov 26, 2025
Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
High
CVE-2025-66020
was published
for
valibot
(npm)
Nov 26, 2025
OneUptime Unauthorized User Creation via API
High
CVE-2025-65966
was published
for
@oneuptime/common
(npm)
Nov 26, 2025
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Moderate
CVE-2025-66026
was published
for
redaxo/source
(Composer)
Nov 25, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Moderate
CVE-2025-66028
was published
for
@oneuptime/common
(npm)
Nov 25, 2025
ProTip!
Advisories are also available from the
GraphQL API