GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
305,525 advisories
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
High
CVE-2025-67721
was published
for
io.airlift:aircompressor-v3
(Maven)
Dec 12, 2025
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical
CVE-2025-66568
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-66567
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
High
CVE-2025-67750
was published
for
lightning-flow-scanner
(npm)
Dec 12, 2025
ProTip!
Advisories are also available from the
GraphQL API