GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21,400 advisories
Mautic allows Relative Path Traversal in assets file upload
Moderate
CVE-2022-25773
was published
for
mautic/core
(Composer)
Feb 26, 2025
Mautic allows Improper Authorization in Reporting API
High
CVE-2024-47053
was published
for
mautic/core
(Composer)
Feb 26, 2025
Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Critical
CVE-2024-47051
was published
for
mautic/core
(Composer)
Feb 26, 2025
copyparty renders unsanitized filenames as HTML when user uploads empty files
Low
CVE-2025-27145
was published
for
copyparty
(pip)
Feb 26, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
High
CVE-2025-27108
was published
for
dom-expressions
(npm)
Feb 25, 2025
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
High
CVE-2025-27109
was published
for
solid-js
(npm)
Feb 25, 2025
Navidrome allows an authentication bypass in Subsonic API with non-existent username
Moderate
CVE-2025-27112
was published
for
github.com/navidrome/navidrome
(Go)
Feb 25, 2025
LTI JupyterHub Authenticator does not properly validate JWT Signature
Critical
CVE-2023-25574
was published
for
jupyterhub-ltiauthenticator
(pip)
Feb 25, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Critical
GHSA-vp58-j275-797x
was published
for
better-auth
(npm)
Feb 24, 2025
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter
Moderate
CVE-2025-27143
was published
for
better-auth
(npm)
Feb 24, 2025
ProTip!
Advisories are also available from the
GraphQL API