GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
25,127 advisories
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
High
CVE-2025-67747
was published
for
fickling
(pip)
Dec 15, 2025
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Moderate
CVE-2025-67735
was published
for
io.netty:netty-codec-http
(Maven)
Dec 15, 2025
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Moderate
CVE-2025-67715
was published
for
Weblate
(pip)
Dec 15, 2025
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Moderate
CVE-2025-67492
was published
for
Weblate
(pip)
Dec 15, 2025
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Critical
GHSA-vr6p-vq2p-6j74
was published
for
likec4
(npm)
Dec 15, 2025
•
withdrawn
Misskey has a login rate limit bypass via spoofed X-Forwarded-For header
Moderate
CVE-2025-66482
was published
for
misskey-js
(npm)
Dec 15, 2025
misskey.js's export data contains private post data
High
CVE-2025-66402
was published
for
misskey-js
(npm)
Dec 15, 2025
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
High
CVE-2025-67721
was published
for
io.airlift:aircompressor-v3
(Maven)
Dec 12, 2025
ProTip!
Advisories are also available from the
GraphQL API