HOME
ABOUT
- RESULTS
- differences
- BENEFITS
- HISTORY
- TEAM
- LOCATION
- FACILITIES
- BANKING
- MEMBERSHIPS
- APPROVALS
- LICENCES
- SUPPLIERS
- SPONSORSHIPS
- MEDIA
- PRIVACY
AUCTIONS
SHIPPING
FEES
- TS REWARDS
TOOLS
guides
FAQ
CONTACT
- CONNECT

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

PARTS
- FREE REPORT
- PARTS CONTAINERS
- PARTS SYSTEMS
- PARTS PROTECTION
- BODY SHELLS
- DISMANTLING
- ONLINE PARTS
- NEW PARTS
- INTERIOR PARTS
- EXTERIOR PARTS
  - BONNETS
  - BUMPERS
  - GRILLES
  - FENDERS
  - DOORS
  - TRUNKS
  - SPOILERS
  - LIGHTS
  - EMBLEMS
  - CAMERAS
- ENGINES
- TRANSMISSIONS
- WHEELS & TYRES
  - WHEELS
  - TYRES
CUTS
PERFORMANCE PARTS
TRUCK PARTS
MOTORBIKE PARTS
- MOTORBIKE ENGINES
- MOTORBIKE ACCESSORIES

MOTORBIKES
MARINE
FORKLIFTS
MACHINERY
AGRICULTURAL
OTHER
COUNTRY
- AUSTRALIA
- CANADA
- KENYA
- MYANMAR
- NEW ZEALAND
- PAKISTAN
- TANZANIA
- UNITED STATES

CARVIEW

MOTORHOMES

Select Language

HTTP/2 301 content-length: 0 location: https://github.com/advisories strict-transport-security: max-age=31536000; includeSubDomains; preload HTTP/2 200 date: Tue, 14 Oct 2025 02:41:56 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With etag: W/"549617a4bc0ec190db6ac68490a381f6" cache-control: max-age=0, private, must-revalidate strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ server: github.com content-encoding: gzip accept-ranges: bytes set-cookie: _gh_sess=xWYi4DsiYBKEwsz%2FqjSCBvVzhrcTowayZMpPFh5CzaOTgOPHvcZ2rQZOxgmnc3KTfXQTZTZzl5s0nvmFXqcDeqWrSoF7jfEHVRs0VLuICtux5zlZTIk1N5OQ8J6o4D99evb4rQDRRLoJ0paNP3TK2%2BEz4n4jX2Nq3nliN%2BZrTAexFJEq3oXlaFs9Tc05f8UI094RGCc5sOafCFilHfTWdtPvFaVP%2B8nVxPApxhgyUKTQ0YT%2ByQJh4NgfY%2BDnLdACwdofX3kzQDcDSGHe3WJV4Q%3D%3D--iCzPR7l1mcQNYS0R--vQQYlyhU%2FSA8GvH885y08g%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax set-cookie: _octo=GH1.1.129251932.1760409716; Path=/; Domain=github.com; Expires=Wed, 14 Oct 2026 02:41:56 GMT; Secure; SameSite=Lax set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Wed, 14 Oct 2026 02:41:56 GMT; HttpOnly; Secure; SameSite=Lax x-github-request-id: C22A:34A538:1FC5FD:2DF71D:68EDB874 GitHub Advisory Database · GitHub

GitHub Copilot
Write better code with AI

GitHub Spark New
Build and deploy intelligent apps

GitHub Models New
Manage and compare prompts

GitHub Advanced Security
Find and fix vulnerabilities

Actions
Automate any workflow
Codespaces
Instant dev environments

Issues
Plan and track work

Code Review
Manage code changes

Discussions
Collaborate outside of code

Code Search
Find more, search less
Explore

Why GitHub

Documentation

GitHub Skills

Blog
Integrations

GitHub Marketplace

MCP Registry
View all features
By company size

Enterprises

Small and medium teams

Startups

Nonprofits
By use case

App Modernization

DevSecOps

DevOps

CI/CD

View all use cases
By industry

Healthcare

Financial services

Manufacturing

Government

View all industries
View all solutions
Topics

AI

DevOps

Security

Software Development

View all
Explore

Learning Pathways

Events & Webinars

Ebooks & Whitepapers

Customer Stories

Partners

Executive Insights
GitHub Sponsors
Fund open source developers
The ReadME Project
GitHub community articles
Repositories

Topics

Trending

Collections
Enterprise platform
AI-powered developer platform
Available add-ons

GitHub Advanced Security
Enterprise-grade security features

Copilot for business
Enterprise-grade AI features

Premium Support
Enterprise-grade 24/7 support
Pricing

Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,205
Composer 4,894
Erlang 38
GitHub Actions 38
Go 2,552
Maven 6,024
npm 4,224
NuGet 746
pip 3,999
Pub 12
RubyGems 953
Rust 1,041
Swift 45

Unreviewed advisories

All unreviewed 273,117

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

24,205 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

LibreNMS is vulnerable to Reflected-XSS in `report_this` function Moderate

CVE-2025-62365 was published for librenms/librenms (Composer) Oct 13, 2025

Credited to GatekeeperBuster

Liferay Mentions Web is Vulnerable to Cross-site Scripting Moderate

CVE-2025-62246 was published for com.liferay:com.liferay.mentions.web (Maven) Oct 13, 2025

Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key Moderate

CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate

CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025

Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate

CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025

tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low

GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025

Credited to kxxt

Omni vulnerable to information leak via API High

CVE-2025-61688 was published for github.com/siderolabs/omni (Go) Oct 13, 2025

Omni is Vulnerable to DoS via Empty Create/Update Resource Requests Moderate

CVE-2025-59836 was published for github.com/siderolabs/omni (Go) Oct 13, 2025

Credited to 1c3t0rm and nicomda

Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key Moderate

CVE-2025-62244 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High

CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025

Liferay Publications is vulnerable to Incorrect Authorization Moderate

CVE-2025-62243 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

llama-index has Insecure Temporary File High

CVE-2025-7707 was published for llama-index (pip) Oct 13, 2025

CommandKit has incorrect command name exposure in context object for message command aliases Moderate

GHSA-fhwm-pc6r-4h2f was published for commandkit (npm) Oct 13, 2025

Credited to twlite and notunderctrl

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High

CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025

Credited to maennchen and zachdaniel

QGIS QWC2 Cross-Site Scripting vulnerability Moderate

CVE-2025-11183 was published for qwc2 (npm) Oct 13, 2025

cel-rust May Panic During Parsing of Invalid CEL Expressions High

CVE-2025-62162 was published for cel (Rust) Oct 11, 2025

Credited to howardjohn and alexsnaps

Happy DOM: VM Context Escape can lead to Remote Code Execution Critical

CVE-2025-61927 was published for happy-dom (npm) Oct 10, 2025

Credited to Mas0nShi

Parallax is vulnerable to DoS via malicious p2p message High

GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) Oct 10, 2025

Astro's `X-Forwarded-Host` is reflected without validation Moderate

CVE-2025-61925 was published for astro (npm) Oct 10, 2025

Credited to Chisnet

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool High

GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025

Credited to XlabAITeam

Authlib : JWE zip=DEF decompression bomb enables DoS Moderate

GHSA-g7f3-828f-7h7m was published for authlib (pip) Oct 10, 2025

Credited to AL-Cybision

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret Moderate

CVE-2025-61926 was published for github.com/ossf/allstar (Go) Oct 10, 2025

Credited to AdamKorcz and justaugustus

python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination Moderate

CVE-2025-61912 was published for python-ldap (pip) Oct 10, 2025

Credited to aradona91

python-ldap has sanitization bypass in ldap.filter.escape_filter_chars Moderate

CVE-2025-61911 was published for python-ldap (pip) Oct 10, 2025

Credited to lukas-eu

Liferay Portal is vulnerable to CSRF through publication comments Moderate

CVE-2025-62245 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 10, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Footer

Footer navigation

Terms
Privacy
Security
Status
Community
Docs
Contact

You can’t perform that action at this time.

HOME
ABOUT
AUCTIONS
SHIPPING
FEES
TOOLS
HOW
FAQ
CONTACT

Original Source | Taken Source