GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11,090 advisories
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers
Moderate
CVE-2025-66508
was published
for
github.com/1Panel-dev/1Panel
(Go)
Dec 8, 2025
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Moderate
CVE-2025-66578
was published
for
robrichards/xmlseclibs
(Composer)
Dec 8, 2025
Static Web Server vulnerable to a symbolic link path traversal
Moderate
CVE-2025-67487
was published
for
static-web-server
(Rust)
Dec 8, 2025
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Moderate
CVE-2025-13877
was published
for
@nocobase/auth
(npm)
Dec 9, 2025
CNA Plugins Portmap nftables backend can intercept non-local traffic
Moderate
CVE-2025-67499
was published
for
github.com/containernetworking/plugins
(Go)
Dec 9, 2025
HTTP/HTTPS Traffic Interception Bypass in mad-proxy
Moderate
CVE-2025-67485
was published
for
mad-proxy
(pip)
Dec 9, 2025
Traefik Inverted TLS Verification Logic in ingress-nginx Provider
Moderate
CVE-2025-66491
was published
for
github.com/traefik/traefik/v3
(Go)
Dec 8, 2025
Path Normalization Bypass in Traefik Router + Middleware Rules
Moderate
CVE-2025-66490
was published
for
github.com/traefik/traefik
(Go)
Dec 8, 2025
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate
CVE-2025-66470
was published
for
nicegui
(pip)
Dec 8, 2025
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate
CVE-2025-66469
was published
for
nicegui
(pip)
Dec 8, 2025
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Moderate
CVE-2025-66202
was published
for
astro
(npm)
Dec 8, 2025
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
Moderate
GHSA-9x4v-xfq5-m8x5
was published
for
better-auth
(npm)
Feb 5, 2025
Open Redirect Vulnerability in Taguette
Moderate
CVE-2025-67502
was published
for
taguette
(pip)
Dec 9, 2025
ProTip!
Advisories are also available from the
GraphQL API