GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
24,467 advisories
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
High
CVE-2025-64104
was published
for
langgraph-checkpoint-sqlite
(pip)
Oct 29, 2025
Zitadel May Bypass Second Authentication Factor
High
CVE-2025-64103
was published
for
github.com/zitadel/zitadel/v2
(Go)
Oct 29, 2025
Zitadel allows brute-forcing authentication factors
High
CVE-2025-64102
was published
for
github.com/zitadel/zitadel/v2
(Go)
Oct 29, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection
High
CVE-2025-64101
was published
for
github.com/zitadel/zitadel/v2
(Go)
Oct 29, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
GHSA-pqhf-p39g-3x64
was published
for
uv
(pip)
Oct 29, 2025
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
Critical
CVE-2025-64095
was published
for
DNN.PLATFORM
(NuGet)
Oct 29, 2025
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Moderate
CVE-2025-64094
was published
for
DotNetNuke.Core
(NuGet)
Oct 29, 2025
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
Moderate
CVE-2025-62802
was published
for
Dnn.Platform
(NuGet)
Oct 29, 2025
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
Moderate
CVE-2025-62801
was published
for
fastmcp
(pip)
Oct 29, 2025
FastMCP vulnerable to reflected XSS in client's callback page
Moderate
CVE-2025-62800
was published
for
fastmcp
(pip)
Oct 29, 2025
FastMCP Auth Integration Allows for Confused Deputy Account Takeover
High
GHSA-c2jp-c369-7pvx
was published
for
fastmcp
(pip)
Oct 29, 2025
CKAN vulnerable to stored XSS in resource description
Moderate
CVE-2025-54384
was published
for
ckan
(pip)
Oct 29, 2025
ProTip!
Advisories are also available from the
GraphQL API