Security Advisories
Browse security advisories and track which Dependabot PRs address them.
24,785 Total Advisories
1,792 With Dependabot PRs
3,506 Critical Severity
8,617 High Severity
Liferay Portal and DXP allows users to add a note to a different virtual instance
GHSA-f372-9rcj-8w2c CVE-2025-43810 MODERATE 2 months ago
Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4....
maven
No PRs yet
DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field
GHSA-7rcc-q6rq-jpcm CVE-2025-59539 MODERATE 2 months ago
## Summary
Users can use special syntax to inject javascript code in their profile biography field. Although there was sanitization in place, it di...
nuget
No PRs yet
DNN allows loading unused themes on anonymous clients through query parameters
GHSA-wq2j-w9pm-7x2p CVE-2025-59535 MODERATE 2 months ago
### Summary
Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page...
nuget
No PRs yet
Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
GHSA-vh3f-qppr-j97f CVE-2025-59430 HIGH 2 months ago
### Summary
The lack of sanitization of URLs protocols in the `createLink.openLink` function enables the execution of arbitrary JavaScript code wit...
npm
No PRs yet
Liferay has a stored cross-site scripting (XSS) vulnerability via a publication’s “Name” text field
GHSA-jh9h-8xf2-25wj CVE-2025-43807 MODERATE 2 months ago
Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 th...
maven
No PRs yet
H2O affected by a deserialization vulnerability
GHSA-5w3j-gwgh-4rfv CVE-2025-6544 CRITICAL 2 months ago
A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary...
maven
pypi
No PRs yet
CodeChecker has a buffer overflow in the log command
GHSA-5xf2-f6ch-6p8r CVE-2025-40843 MODERATE 2 months ago
### Summary
CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal `ldlogger` library, which is executed by the ...
pypi
No PRs yet
Mailgen: HTML injection vulnerability in plaintext e-mails
GHSA-j2xj-h7w5-r7vp CVE-2025-59526 MODERATE 2 months ago
# HTML Injection and XSS Filter Bypass in Plaintext Emails
### Summary
An HTML injection vulnerability in plaintext emails generated by Mailgen ha...
npm
No PRs yet
`git-comiters` Command Injection vulnerability
GHSA-g38c-wxjf-xrh6 CVE-2025-59831 HIGH 2 months ago
## Background on the vulnerability
This vulnerability manifests with the library's primary exported API: `gitCommiters(options, callback)` which a...
npm
No PRs yet
@conventional-changelog/git-client has Argument Injection vulnerability
GHSA-vh25-5764-9wcr CVE-2025-59433 MODERATE 2 months ago
## Background on exploitation
This vulnerability manifests with the library's `getTags()` API, which allows specifying extra parameters passed to ...
npm
10 Dependabot PRs
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal
GHSA-mm7x-qfjj-5g2c LOW 2 months ago
Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for di...
cargo
No PRs yet
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
GHSA-9ggr-2464-2j32 CVE-2025-59420 HIGH 2 months ago
## Summary
Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (`crit`), violating RFC 7515 “must‑understand”...
pypi
No PRs yet
Mattermost boards plugin fails to restrict download access to files
GHSA-f72g-52v7-mg3p CVE-2025-9081 LOW 2 months ago
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download s...
go
No PRs yet
Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource
GHSA-chr3-w547-85hw CVE-2025-43808 MODERATE 2 months ago
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA...
maven
No PRs yet
Mattermost Path Traversal vulnerability
GHSA-qx3f-6vq3-8j8m CVE-2025-9079 HIGH 2 months ago
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory p...
go
No PRs yet
Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability
GHSA-697h-3q6m-jwp4 CVE-2025-43809 MODERATE 2 months ago
Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsu...
maven
No PRs yet
Liferay Contacts Center widget has insecure direct object reference
GHSA-8c8v-r5jj-4425 CVE-2025-43803 MODERATE 2 months ago
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupporte...
maven
No PRs yet
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
GHSA-36rr-ww3j-vrjv CVE-2025-9905 HIGH 2 months ago
**Note:** This report has already been discussed with the Google OSS VRP team, who recommended that I reach out directly to the Keras team. I’ve ch...
pypi
No PRs yet
Codex has sandbox bypass due to bug in path configuration logic
GHSA-w5fx-fh39-j5rw CVE-2025-59532 HIGH 2 months ago
Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated `cwd` as the sandbox’s writable root, including paths outs...
npm
No PRs yet
Grafana-Zabbix ReDoS vulnerability
GHSA-g4rr-88fc-26fj CVE-2025-10630 MODERATE 2 months ago
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data f...
go
No PRs yet
Keras is vulnerable to Deserialization of Untrusted Data
GHSA-36fq-jgmw-4r9c CVE-2025-9906 HIGH 2 months ago
### Arbitrary Code Execution in Keras
Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted `.keras` model arch...
pypi
No PRs yet
@digitalocean/do-markdownit has Type Confusion vulnerability
GHSA-2h8j-8r9p-849f CVE-2025-59717 MODERATE 2 months ago
### Overview
A type confusion issue exists in the `@digitalocean/do-markdownit` package. In the `callout` and `fence_environment` plugins, the `all...
npm
No PRs yet
Snipe-IT allows unsafe deserialization
GHSA-phwj-fgch-xvrj CVE-2025-59713 MODERATE 2 months ago
Snipe-IT before 8.1.18 allows unsafe deserialization.
packagist
No PRs yet
Snipe-IT allows XSS
GHSA-c9wp-pr7f-hfqm CVE-2025-59712 MODERATE 2 months ago
Snipe-IT before 8.1.18 allows XSS.
packagist
No PRs yet
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
GHSA-m79r-r765-5f9j CVE-2025-59417 MODERATE 2 months ago
### Summary
We identified a cross-site scripting (XSS) vulnerability when handling chat message in lobe-chat that can be escalated to remote code ...
npm
No PRs yet
InvokeAI has External Control of File Name or Path
GHSA-vv9c-xxg7-wmv7 CVE-2025-6237 CRITICAL 2 months ago
### Path Traversal Vulnerability in InvokeAI
A path traversal vulnerability in **InvokeAI** (versions < 6.7.0) allows an unauthenticated remote at...
pypi
No PRs yet
@sequa-ai/sequa-mcp has Command Injection vulnerability
GHSA-9pw5-wx67-q964 CVE-2025-10619 MODERATE 2 months ago
A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oau...
npm
No PRs yet
Parcel has an Origin Validation Error vulnerability
GHSA-qm9p-f9j5-w83w CVE-2025-56648 MODERATE 2 months ago
parcel versions 1.6.0 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's dev...
npm
No PRs yet
Pingora update for MadeYouReset HTTP/2 vulnerability
GHSA-393w-9x6h-8gc7 HIGH 2 months ago
Pingora deployments that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, P...
cargo
No PRs yet
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival
GHSA-p6jq-8vc4-79f6 CVE-2025-59414 LOW 2 months ago
### Summary
A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requ...
npm
No PRs yet
Keycloak SMTP Inject Vulnerability
GHSA-m4j5-5x4r-2xp9 CVE-2025-8419 MODERATE 2 months ago
Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to...
maven
No PRs yet
DragonFly's tiny file download uses hard coded HTTP protocol
GHSA-mcvp-rpgg-9273 CVE-2025-59410 MODERATE 2 months ago
### Impact
The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an atta...
go
No PRs yet
DragonFly has weak integrity checks for downloaded files
GHSA-hx2h-vjw2-8r54 CVE-2025-59354 MODERATE 2 months ago
### Impact
The DragonFly2 uses a variety of hash functions, including the MD5 hash. This algorithm does not provide collision resistance; it is sec...
go
No PRs yet
DragonFly's manager generates mTLS certificates for arbitrary IP addresses
GHSA-255v-qv84-29p5 CVE-2025-59353 HIGH 2 months ago
### Impact
A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue i...
go
No PRs yet
DragonFly vulnerable to arbitrary file read and write on a peer machine
GHSA-79hx-3fp8-hj66 CVE-2025-59352 MODERATE 2 months ago
### Impact
A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipien...
go
No PRs yet
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error
GHSA-4mhv-8rh3-4ghw CVE-2025-59351 MODERATE 2 months ago
### Impact
We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function retur...
go
No PRs yet
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
GHSA-c2fc-9q9c-5486 CVE-2025-59350 MODERATE 2 months ago
### Impact
The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An atta...
go
No PRs yet
jinjava has Sandbox Bypass via JavaType-Based Deserialization
GHSA-m49c-g9wr-hv6v CVE-2025-59340 CRITICAL 2 months ago
### Summary
jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as `getClass()`, and block instantiation of Cla...
maven
No PRs yet
Dragonfly's directories created via os.MkdirAll are not checked for permissions
GHSA-8425-8r2f-mrv6 CVE-2025-59349 LOW 2 months ago
### Impact
DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not per...
go
No PRs yet
Dragonfly incorrectly handles a task structure’s usedTrac field
GHSA-2qgr-gfvj-qpcr CVE-2025-59348 MODERATE 2 months ago
### Impact
The processPieceFromSource method (figure 4.1) is part of a task processing mechanism. The method writes pieces of data to storage, upda...
go
No PRs yet
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
GHSA-98x5-jw98-6c97 CVE-2025-59347 MODERATE 2 months ago
### Impact
The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users...
go
No PRs yet
Dragonfly vulnerable to server-side request forgery
GHSA-g2rq-jv54-wcpr CVE-2025-59346 HIGH 2 months ago
### Impact
There are multiple server-side request forgery (SSRF) vulnerabilities in the DragonFly2 system. The vulnerabilities enable users to forc...
go
No PRs yet
Dragonfly doesn't have authentication enabled for some Manager’s endpoints
GHSA-89vc-vf32-ch59 CVE-2025-59345 HIGH 2 months ago
### Impact
The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Ma...
go
No PRs yet
esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header
GHSA-g2h5-cvvr-7gmw CVE-2025-59342 MODERATE 2 months ago
## Summary
A path-traversal flaw in the handling of the `X-Zone-Id` HTTP header allows an attacker to cause the application to write files outside...
go
No PRs yet
esm.sh has File Inclusion issue
GHSA-49pv-gwxp-532r CVE-2025-59341 HIGH 2 months ago
## Summary
A Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the...
go
No PRs yet
REXML has DoS condition when parsing malformed XML file
GHSA-c2f4-jgmc-q2r5 CVE-2025-58767 LOW 2 months ago
### Impact
The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse...
rubygems
No PRs yet
Jenkins has a missing permission check, allowing users to obtain agent names
GHSA-67v4-38h7-9jjp CVE-2025-59474 MODERATE 2 months ago
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users...
maven
No PRs yet
Jenkins has a log message injection vulnerability
GHSA-qrh5-jg98-cr48 CVE-2025-59476 MODERATE 2 months ago
In Jenkins 2.527 and earlier, LTS 2.516.2 and earlier, the log formatter that prepares log messages for console output (including `jenkins.log` and...
maven
No PRs yet
Jenkins is missing a permission check in the authenticated users' profile menu
GHSA-223m-4rfp-646h CVE-2025-59475 MODERATE 2 months ago
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu. This allow...
maven
No PRs yet
Liferay search widget vulnerable to Cross-site Scripting
GHSA-ccrc-5vp5-vp5j CVE-2025-43804 MODERATE 2 months ago
There is a Cross-site scripting (XSS) vulnerability in Liferay Portal's Search widget. Versions 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q...
maven
No PRs yet