GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12,820 advisories
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Low
GHSA-rcmh-qjqh-p98v
was published
for
nodemailer
(npm)
Dec 1, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
Withdrawn Advisory: express improperly controls modification of query properties
Low
CVE-2024-51999
was published
for
express
(npm)
Dec 1, 2025
•
withdrawn
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low
GHSA-wmjr-v86c-m9jj
was published
for
better-auth
(npm)
Nov 26, 2025
Contao is vulnerable to cross-site scripting in templates
Low
CVE-2025-65961
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM
Low
CVE-2025-65942
was published
for
github.com/VictoriaMetrics/VictoriaMetrics
(Go)
Nov 25, 2025
ProTip!
Advisories are also available from the
GraphQL API