GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 39; GitHub Actions 38; Go 2,731; Maven 5,000+; npm 4,332; NuGet 763; pip 4,109; Pub 12; RubyGems 960; Rust 1,068; Swift 45.
Unreviewed advisories: All unreviewed 5,000+.
24,943 advisories
Open Redirect Vulnerability in Taguette. Severity: Moderate. CVE-2025-67502 was published for taguette (pip) on Dec 9, 2025.
NiceGUI has a path traversal in app.add_media_files() that allows arbitrary file read. Severity: High. CVE-2025-66645 was published for nicegui (pip) on Dec 9, 2025.
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond. Severity: Moderate. GHSA-4rmq-mc2c-r495 was published for github.com/babylonlabs-io/babylon (Go) on Dec 9, 2025.
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers. Severity: High. GHSA-m6wq-66p2-c8pc was published for github.com/babylonlabs-io/babylon (Go) on Dec 8, 2025.
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login. Severity: High. CVE-2025-67495 was published for github.com/zitadel/zitadel (Go) on Dec 8, 2025.
ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login. Severity: High. GHSA-pfrf-9r5f-73f5 was published for github.com/zitadel/zitadel (Go) on Dec 8, 2025.
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login. Severity: Critical. CVE-2025-67494 was published for github.com/zitadel/zitadel (Go) on Dec 8, 2025.
Static Web Server vulnerable to a symbolic link path traversal. Severity: Moderate. CVE-2025-67487 was published for static-web-server (Rust) on Dec 8, 2025.
@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server. Severity: Critical. CVE-2025-67489 was published for @vitejs/plugin-rsc (npm) on Dec 8, 2025.
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer). Severity: High. CVE-2025-66631 was published for Csla (NuGet) on Dec 8, 2025.
Critical Use-After-Free in Wasmi's Linear Memory. Severity: High. CVE-2025-66627 was published for wasmi (Rust) on Dec 8, 2025.
matrix-sdk-base denial of service via custom m.room.join_rules event values. Severity: Low. CVE-2025-66622 was published for matrix-sdk-base (Rust) on Dec 8, 2025.
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation. Severity: Critical. CVE-2025-66568 was published for ruby-saml (RubyGems) on Dec 8, 2025.
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential). Severity: Critical. CVE-2025-66567 was published for ruby-saml (RubyGems) on Dec 8, 2025.
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content. Severity: Moderate. CVE-2025-66470 was published for nicegui (pip) on Dec 8, 2025.
Altcha Proof-of-Work obfuscation mode cryptanalytic break. Severity: Moderate. CVE-2025-65849 was published for altcha (npm) on Dec 8, 2025.
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection. Severity: Moderate. CVE-2025-66469 was published for nicegui (pip) on Dec 8, 2025.
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook. Severity: Critical. CVE-2025-65964 was published for n8n (npm) on Dec 8, 2025.
memos vulnerability allows the creation of arbitrary accounts. Severity: High. CVE-2025-65795 was published for github.com/usememos/memos (Go) on Dec 8, 2025.
memos lacks file name validation or verification. Severity: Moderate. CVE-2025-65799 was published for github.com/usememos/memos (Go) on Dec 8, 2025.
memos vulnerability allows arbitrary reaction deletion. Severity: Moderate. CVE-2025-65796 was published for github.com/usememos/memos (Go) on Dec 8, 2025.
memos vulnerability allows arbitrary modification or deletion of attachments. Severity: Moderate. CVE-2025-65798 was published for github.com/usememos/memos (Go) on Dec 8, 2025.
robrichards/xmlseclibs has a Libxml2 Canonicalization error which can bypass Digest/Signature validation. Severity: Moderate. CVE-2025-66578 was published for robrichards/xmlseclibs (Composer) on Dec 8, 2025.
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values. Severity: Critical. CVE-2025-66565 was published for github.com/gofiber/utils (Go) on Dec 8, 2025.
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers. Severity: Moderate. CVE-2025-66508 was published for github.com/1Panel-dev/1Panel (Go) on Dec 8, 2025.