GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
  All reviewed    5,000+
  Composer        5,000+
  Erlang          39
  GitHub Actions  38
  Go              2,722
  Maven           5,000+
  npm             4,330
  NuGet           762
  pip             4,107
  Pub             12
  RubyGems        960
  Rust            1,066
  Swift           45

Unreviewed advisories (all ecosystems): 5,000+

Listing: 24,926 advisories

matrix-sdk-base denial of service via custom m.room.join_rules event values
  Low. CVE-2025-66622, published Dec 8, 2025 for matrix-sdk-base (Rust).

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
  Critical. CVE-2025-66568, published Dec 8, 2025 for ruby-saml (RubyGems).

Next.js is vulnerable to RCE in React flight protocol
  Critical. GHSA-9qr9-h5gf-34mp, published Dec 3, 2025 for next (npm).

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
  Critical. CVE-2025-66567, published Dec 8, 2025 for ruby-saml (RubyGems).

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
  Moderate. CVE-2025-66470, published Dec 8, 2025 for nicegui (pip).

NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
  Moderate. CVE-2025-66469, published Dec 8, 2025 for nicegui (pip).

n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
  Critical. CVE-2025-65964, published Dec 8, 2025 for n8n (npm).

React Server Components are Vulnerable to RCE
  Critical. GHSA-fmh4-wr37-44fp, published Dec 3, 2025 for @vitejs/plugin-rsc (npm).

WildFly improper RBAC permission
  Moderate. CVE-2025-23367, published Jan 31, 2025 for org.wildfly.core:wildfly-server (Maven).

operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
  Moderate. CVE-2025-7195, published Aug 7, 2025 for github.com/operator-framework/operator-sdk (Go).

robrichards/xmlseclibs has a Libxml2 Canonicalization error which can bypass Digest/Signature validation
  Moderate. CVE-2025-66578, published Dec 8, 2025 for robrichards/xmlseclibs (Composer).

Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
  Critical. CVE-2025-66565, published Dec 8, 2025 for github.com/gofiber/utils (Go).

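The Fiber Utils entry names a vulnerability class worth seeing in code: a "random" identifier generator that, when its CSPRNG read fails, quietly substitutes a predictable source instead of failing. The following is an added illustration of that class and of the hardened shape (fail loudly, never degrade), written for this page; it is not gofiber/utils' code and makes no claim about how that library's fallback was implemented. The `errReader` type and the fixed seed are constructed so the failure path can be exercised offline.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	mrand "math/rand"
)

// errReader is a constructed stand-in for a CSPRNG that has stopped working,
// so the failure path can be exercised offline.
type errReader struct{}

func (errReader) Read(p []byte) (int, error) {
	return 0, errors.New("entropy source unavailable")
}

// setVersionAndVariant stamps the RFC 4122 version-4 and variant bits.
func setVersionAndVariant(b *[16]byte) {
	b[6] = (b[6] & 0x0f) | 0x40 // version nibble = 4
	b[8] = (b[8] & 0x3f) | 0x80 // variant bits = 10xx
}

func formatUUID(b [16]byte) string {
	h := hex.EncodeToString(b[:])
	return h[0:8] + "-" + h[8:12] + "-" + h[12:16] + "-" + h[16:20] + "-" + h[20:32]
}

// UUIDv4WithSilentFallback is the weak pattern: if the CSPRNG read fails it
// quietly fills the bytes from math/rand, so the result is reproducible by
// anyone who knows or can guess the seed. Illustration only.
func UUIDv4WithSilentFallback(r io.Reader, seed int64) string {
	var b [16]byte
	if _, err := io.ReadFull(r, b[:]); err != nil {
		rng := mrand.New(mrand.NewSource(seed))
		binary.BigEndian.PutUint64(b[:8], rng.Uint64())
		binary.BigEndian.PutUint64(b[8:], rng.Uint64())
	}
	setVersionAndVariant(&b)
	return formatUUID(b)
}

// NewUUIDv4From is the hardened form: a failed CSPRNG read is an error the
// caller must handle, never a silently degraded identifier.
func NewUUIDv4From(r io.Reader) (string, error) {
	var b [16]byte
	if _, err := io.ReadFull(r, b[:]); err != nil {
		return "", fmt.Errorf("uuid: cannot read CSPRNG: %w", err)
	}
	setVersionAndVariant(&b)
	return formatUUID(b), nil
}

// NewUUIDv4 wires the hardened constructor to crypto/rand.
func NewUUIDv4() (string, error) { return NewUUIDv4From(rand.Reader) }

// IsUUIDv4 validates the textual layout plus the version and variant nibbles,
// so a consumer can reject identifiers that are not version 4 at all.
func IsUUIDv4(s string) bool {
	if len(s) != 36 || s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
		return false
	}
	if s[14] != '4' || !(s[19] == '8' || s[19] == '9' || s[19] == 'a' || s[19] == 'b') {
		return false
	}
	for i := 0; i < len(s); i++ {
		if i == 8 || i == 13 || i == 18 || i == 23 {
			continue
		}
		c := s[i]
		if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')) {
			return false
		}
	}
	return true
}

func main() {
	u, err := NewUUIDv4()
	if err != nil {
		fmt.Println("refusing to issue an identifier:", err)
		return
	}
	fmt.Println("secure:", u, IsUUIDv4(u))
	fmt.Println("fallback, same seed twice:",
		UUIDv4WithSilentFallback(errReader{}, 1), UUIDv4WithSilentFallback(errReader{}, 1))
}
```

The point of the pair is that both outputs look like well-formed v4 UUIDs; only the error return distinguishes a cryptographically random identifier from a reproducible one, which is why a validator like `IsUUIDv4` cannot catch this class and the constructor must refuse to degrade.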
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers
  Moderate. CVE-2025-66508, published Dec 8, 2025 for github.com/1Panel-dev/1Panel (Go).

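The 1Panel entry above names another recurring class: an IP allowlist that resolves the client address from X-Forwarded-For without first checking that the header came from a trusted reverse proxy, so a direct client can claim any address. The following is an added illustration of the weak and the hardened resolution side by side, written for this page; it is not 1Panel's code and does not describe how 1Panel parsed the header. The trusted-proxy range 10.0.0.0/8, the loopback allowlist and the requests built by `newRequest` are constructed inputs.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// peerAddr returns the address of the TCP peer from r.RemoteAddr. It yields
// the zero (invalid) Addr when the string is unparseable; Prefix.Contains
// reports false for an invalid Addr, so such a peer is never trusted.
func peerAddr(remoteAddr string) netip.Addr {
	if ap, err := netip.ParseAddrPort(remoteAddr); err == nil {
		return ap.Addr()
	}
	a, _ := netip.ParseAddr(remoteAddr)
	return a
}

func inAny(ip netip.Addr, nets []netip.Prefix) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIPNaive is the weak pattern: whatever the connecting client put in
// X-Forwarded-For is believed, so an IP allowlist built on it is spoofable.
func ClientIPNaive(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	return peerAddr(r.RemoteAddr).String()
}

// ClientIPTrusted honours X-Forwarded-For only when the TCP peer is one of
// the configured reverse proxies, then walks the chain from the right,
// skipping trusted hops, so values prepended by the remote client are ignored.
// A malformed hop, or a chain made only of trusted hops, falls back to the peer.
func ClientIPTrusted(r *http.Request, trustedProxies []netip.Prefix) string {
	peer := peerAddr(r.RemoteAddr)
	if !inAny(peer, trustedProxies) {
		return peer.String()
	}
	hops := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			return peer.String()
		}
		if !inAny(ip, trustedProxies) {
			return ip.String()
		}
	}
	return peer.String()
}

// Allowed is the access-control decision itself: the resolved client IP must
// fall inside the allowlist.
func Allowed(clientIP string, allowlist []netip.Prefix) bool {
	ip, err := netip.ParseAddr(clientIP)
	return err == nil && inAny(ip, allowlist)
}

// newRequest builds a constructed request with the given TCP peer and
// X-Forwarded-For header (empty string means no header).
func newRequest(remoteAddr, xff string) *http.Request {
	r := &http.Request{RemoteAddr: remoteAddr, Header: http.Header{}}
	if xff != "" {
		r.Header.Set("X-Forwarded-For", xff)
	}
	return r
}

func main() {
	trustedProxies := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}
	allowlist := []netip.Prefix{netip.MustParsePrefix("127.0.0.1/32")}
	// Constructed attack: a direct client on 203.0.113.5 claims to be loopback.
	spoof := newRequest("203.0.113.5:4444", "127.0.0.1")
	fmt.Println("naive   :", ClientIPNaive(spoof), Allowed(ClientIPNaive(spoof), allowlist))
	hardened := ClientIPTrusted(spoof, trustedProxies)
	fmt.Println("hardened:", hardened, Allowed(hardened, allowlist))
}
```

Two operational caveats follow from the code: the trusted-proxy list must be the set of addresses that actually terminate client connections (if the service is reachable directly, no header value can be trusted), and walking the chain from the right rather than taking the first value is what neutralises an attacker who prepends a forged hop before the real proxy appends the true one.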
1Panel – CAPTCHA Bypass via Client-Controlled Flag
  High. CVE-2025-66507, published Dec 8, 2025 for github.com/1Panel-dev/1Panel (Go).

Traefik Inverted TLS Verification Logic in ingress-nginx Provider
  Moderate. CVE-2025-66491, published Dec 8, 2025 for github.com/traefik/traefik/v3 (Go).

Path Normalization Bypass in Traefik Router + Middleware Rules
  Moderate. CVE-2025-66490, published Dec 8, 2025 for github.com/traefik/traefik (Go).

Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
  Moderate. CVE-2025-66202, published Dec 8, 2025 for astro (npm).

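The Traefik path-normalization entry and the Astro double-URL-encoding entry above are two faces of one class: an access rule is evaluated on a different form of the path than the one the router eventually serves. The following is an added illustration, written for this page, of a naive prefix guard next to a canonicalize-then-decide guard that decodes exactly once, refuses paths that are still percent-encoded afterwards, and collapses dot segments. It is neither Traefik's nor Astro's code and does not describe the specific discrepancy in either project; the protected prefix `/admin` and the probe paths are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// escapeSeq matches a percent-escape that survived one round of decoding,
// i.e. the signature of a double-encoded path.
var escapeSeq = regexp.MustCompile(`%[0-9A-Fa-f]{2}`)

// CanonicalPath decodes the path exactly once, rejects anything that is still
// encoded afterwards (ambiguous: a later component might decode it again), and
// collapses dot segments and duplicate slashes. Authorization and routing must
// both operate on this one form.
func CanonicalPath(raw string) (string, error) {
	decoded, err := url.PathUnescape(raw)
	if err != nil {
		return "", err
	}
	if escapeSeq.MatchString(decoded) {
		return "", fmt.Errorf("ambiguous double-encoded path: %q", raw)
	}
	if !strings.HasPrefix(decoded, "/") {
		decoded = "/" + decoded
	}
	return path.Clean(decoded), nil
}

// IsProtected is a segment-aware match: "/admin" and "/admin/..." are
// protected, "/administrator" is not.
func IsProtected(canonical string) bool {
	return canonical == "/admin" || strings.HasPrefix(canonical, "/admin/")
}

// NaiveGuard is the weak pattern: a string-prefix test on the raw path, which
// a percent-encoded letter or a dot segment slips past while a router that
// decodes and normalizes still resolves the request to the protected handler.
func NaiveGuard(rawPath string) bool {
	return strings.HasPrefix(rawPath, "/admin")
}

// Allow is the hardened decision: canonicalize first, deny on ambiguity, then
// apply the protection rule to the canonical path.
func Allow(rawPath string, authenticated bool) bool {
	canonical, err := CanonicalPath(rawPath)
	if err != nil {
		return false
	}
	return authenticated || !IsProtected(canonical)
}

func main() {
	// Constructed probes, not taken from any advisory.
	probes := []string{
		"/%61dmin", "/%2561dmin", "/public/../admin/users",
		"/public%2F..%2Fadmin", "/administrator", "/files/100%25",
	}
	for _, p := range probes {
		fmt.Printf("%-24s naive_protected=%-5v hardened_allow_anon=%v\n",
			p, NaiveGuard(p), Allow(p, false))
	}
}
```

Denying on ambiguity rather than decoding repeatedly is deliberate: a loop that decodes until the string stops changing would turn the legitimate single-encoded `/files/100%25` into `/files/100%` and then fail on the bare percent, whereas a single decode plus a rejection of leftover escapes keeps that request valid and still refuses `/%2561dmin`.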
Emby Server API vulnerability allows gaining administrative access without preconditions
  Critical. CVE-2025-64113, published Dec 8, 2025 for MediaBrowser.Server.Core (NuGet).

Parcel has an Origin Validation Error vulnerability
  Moderate. CVE-2025-56648, published Sep 17, 2025 for @parcel/reporter-dev-server (npm).

ComposioHQ has a directory traversal vulnerability
  Moderate. CVE-2025-56427, published Dec 4, 2025 for composio (pip).

alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
  High. CVE-2025-65346, published Dec 4, 2025 for alexusmai/laravel-file-manager (Composer).

Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
  High. CVE-2025-66623, published Dec 5, 2025 for io.strimzi:strimzi (Maven).

Mattermost Server allows attackers to create buttons that can launch API requests
  Moderate. CVE-2017-18890, published May 24, 2022 for github.com/mattermost/mattermost-server (Go).

Mattermost Server is vulnerable to webhook and slash command manipulation
  Moderate. CVE-2017-18889, published May 24, 2022 for github.com/mattermost/mattermost-server (Go).

Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests
  Critical. CVE-2017-18888, published May 24, 2022 for github.com/mattermost/mattermost-server (Go).

Advisories are also available from the GraphQL API.