Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26 advisories

Loading
Apache IoTDB: Deserialization of untrusted Data Critical
CVE-2025-48459 was published for apache-iotdb (Maven) Sep 24, 2025
cai0duque Credited to cai0duque
Keras is vulnerable to Deserialization of Untrusted Data High
CVE-2025-9906 was published for keras (pip) Sep 19, 2025
cai0duque Credited to cai0duque
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions High
CVE-2025-59828 was published for @anthropic-ai/claude-code (npm) Sep 24, 2025
cai0duque Credited to cai0duque
pip's fallback tar extraction doesn't check symbolic links point to extraction directory Moderate
CVE-2025-8869 was published for pip (pip) Sep 24, 2025
cai0duque Credited to cai0duque, bentasker, swils23, ichard26, and gcbirzan-plutoflume bentasker bentasker
swils23 swils23 ichard26 ichard26 gcbirzan-plutoflume gcbirzan-plutoflume
Liferay Portal and DXP does not properly expire sessions Moderate
CVE-2025-43819 was published for com.liferay:com.liferay.saml.impl (Maven) Sep 24, 2025
cai0duque Credited to cai0duque
Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Moderate
CVE-2025-58457 was published for org.apache.zookeeper:zookeeper (Maven) Sep 24, 2025
cai0duque Credited to cai0duque
lukaselmer Credited to lukaselmer and cai0duque cai0duque cai0duque
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
cai0duque Credited to cai0duque
WSO2 Identity Server Apps allows content spoofing in logs Moderate
CVE-2024-6429 was published for org.wso2.identity.apps:authentication-portal (Maven) Sep 23, 2025
cai0duque Credited to cai0duque
Template Secret leakage in logs in Scaffolder when using `fetch:template` Low
CVE-2025-55285 was published for @backstage/plugin-scaffolder-backend (npm) Aug 15, 2025
cai0duque Credited to cai0duque
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server High
CVE-2025-58444 was published for @modelcontextprotocol/inspector (npm) Sep 8, 2025
cai0duque Credited to cai0duque
Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth Moderate
GHSA-qhwp-454g-2gv4 was published for express-xss-sanitizer (npm) Sep 15, 2025 withdrawn
cai0duque Credited to cai0duque and AhmedAdelFahim AhmedAdelFahim AhmedAdelFahim
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
cai0duque Credited to cai0duque
The AuthKit Remix Library renders sensitive auth data in HTML High
CVE-2025-55009 was published for @workos-inc/authkit-remix (npm) Aug 8, 2025
cai0duque Credited to cai0duque
cai0duque Credited to cai0duque
@sequa-ai/sequa-mcp has Command Injection vulnerability Moderate
CVE-2025-10619 was published for @sequa-ai/sequa-mcp (npm) Sep 17, 2025
cai0duque Credited to cai0duque
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
cai0duque Credited to cai0duque
mcp-kubernetes-server has an OS Command Injection vulnerability Critical
CVE-2025-59377 was published for mcp-kubernetes-server (pip) Sep 15, 2025
cai0duque Credited to cai0duque
mcp-kubernetes-server has a Command Injection vulnerability Moderate
CVE-2025-59376 was published for mcp-kubernetes-server (pip) Sep 15, 2025
cai0duque Credited to cai0duque
InvokeAI has External Control of File Name or Path Critical
CVE-2025-6237 was published for invokeai (pip) Sep 18, 2025
cai0duque Credited to cai0duque
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Moderate
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
cai0duque Credited to cai0duque
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js Moderate
CVE-2025-9095 was published for express-gateway (npm) Aug 18, 2025
cai0duque Credited to cai0duque
Decap CMS Cross Site Scripting (XSS) vulnerability Moderate
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
cai0duque Credited to cai0duque
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Moderate
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
cai0duque Credited to cai0duque
@digitalocean/do-markdownit has Type Confusion vulnerability Moderate
CVE-2025-59717 was published for @digitalocean/do-markdownit (npm) Sep 19, 2025
cai0duque Credited to cai0duque
ProTip! Advisories are also available from the GraphQL API