GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
24,966 advisories
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login
High
CVE-2025-67495
was published
for
github.com/zitadel/zitadel
(Go)
Dec 8, 2025
ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login
High
GHSA-pfrf-9r5f-73f5
was published
for
github.com/zitadel/zitadel
(Go)
Dec 8, 2025
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
Critical
CVE-2025-67494
was published
for
github.com/zitadel/zitadel
(Go)
Dec 8, 2025
Static Web Server vulnerable to a symbolic link path traversal
Moderate
CVE-2025-67487
was published
for
static-web-server
(Rust)
Dec 8, 2025
@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server
Critical
CVE-2025-67489
was published
for
@vitejs/plugin-rsc
(npm)
Dec 8, 2025
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
High
CVE-2025-66631
was published
for
Csla
(NuGet)
Dec 8, 2025
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical
CVE-2025-66568
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-66567
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate
CVE-2025-66470
was published
for
nicegui
(pip)
Dec 8, 2025
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate
CVE-2025-66469
was published
for
nicegui
(pip)
Dec 8, 2025
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Critical
CVE-2025-65964
was published
for
n8n
(npm)
Dec 8, 2025
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Moderate
CVE-2025-66578
was published
for
robrichards/xmlseclibs
(Composer)
Dec 8, 2025
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Critical
CVE-2025-66565
was published
for
github.com/gofiber/utils
(Go)
Dec 8, 2025
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers
Moderate
CVE-2025-66508
was published
for
github.com/1Panel-dev/1Panel
(Go)
Dec 8, 2025
1Panel – CAPTCHA Bypass via Client-Controlled Flag
High
CVE-2025-66507
was published
for
github.com/1Panel-dev/1Panel
(Go)
Dec 8, 2025
Traefik Inverted TLS Verification Logic in ingress-nginx Provider
Moderate
CVE-2025-66491
was published
for
github.com/traefik/traefik/v3
(Go)
Dec 8, 2025
Path Normalization Bypass in Traefik Router + Middleware Rules
Moderate
CVE-2025-66490
was published
for
github.com/traefik/traefik
(Go)
Dec 8, 2025
ProTip!
Advisories are also available from the
GraphQL API