HOME
ABOUT
- RESULTS
- differences
- BENEFITS
- HISTORY
- TEAM
- LOCATION
- FACILITIES
- BANKING
- MEMBERSHIPS
- APPROVALS
- LICENCES
- SUPPLIERS
- SPONSORSHIPS
- MEDIA
- PRIVACY
AUCTIONS
SHIPPING
FEES
- TS REWARDS
TOOLS
guides
FAQ
CONTACT
- CONNECT

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

PARTS
- FREE REPORT
- PARTS CONTAINERS
- PARTS SYSTEMS
- PARTS PROTECTION
- BODY SHELLS
- DISMANTLING
- ONLINE PARTS
- NEW PARTS
- INTERIOR PARTS
- EXTERIOR PARTS
  - BONNETS
  - BUMPERS
  - GRILLES
  - FENDERS
  - DOORS
  - TRUNKS
  - SPOILERS
  - LIGHTS
  - EMBLEMS
  - CAMERAS
- ENGINES
- TRANSMISSIONS
- WHEELS & TYRES
  - WHEELS
  - TYRES
CUTS
PERFORMANCE PARTS
TRUCK PARTS
MOTORBIKE PARTS
- MOTORBIKE ENGINES
- MOTORBIKE ACCESSORIES

MOTORBIKES
MARINE
FORKLIFTS
MACHINERY
AGRICULTURAL
OTHER
COUNTRY
- AUSTRALIA
- CANADA
- KENYA
- MYANMAR
- NEW ZEALAND
- PAKISTAN
- TANZANIA
- UNITED STATES

CARVIEW

MOTORHOMES

Select Language

HTTP/2 302 date: Tue, 22 Jul 2025 23:43:11 GMT content-type: text/plain;charset=UTF-8 content-length: 20 location: https://github.com/advisories cf-ray: 9636cc7a5de54e3d-BLR cf-cache-status: EXPIRED cache-control: public, max-age=14400 strict-transport-security: max-age=31536000; includeSubDomains; preload vary: x-requested-with, x-spiferack, Accept-Encoding content-security-policy: connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net npm-cost: 1 npm-remaining: 99 x-content-security-policy: connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block set-cookie: __cf_bm=acuhS13GNhoXaaHCPm3TJcxd26R7mV75E5IuZo041O0-1753227791-1.0.1.1-T4ey0dyFPwSicUgHMoDOOkNOOq8zYYiJrKubv47AqgjVxV5JG1GPGyBZw2GVR0ra64ss9Ng29yYPb51wSMUoWPyy1Jiw3yxZk10ek8okMSw; path=/; expires=Wed, 23-Jul-25 00:13:11 GMT; domain=.npmjs.com; HttpOnly; Secure; SameSite=None server: cloudflare HTTP/2 200 date: Tue, 22 Jul 2025 23:43:12 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With etag: W/"bcf67c967c77217e0dc805fae80e901c" cache-control: max-age=0, private, must-revalidate strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ server: github.com content-encoding: gzip accept-ranges: bytes set-cookie: _gh_sess=NpH3F1zWzPUVaBpBKD30HpEjmHAPnPwEQixgKQi1y%2FITJ62ZwZAagdcaiZlEDqcLscUB7GuCmmvEIfkes70aQpGArEYhAptdZ56dzYiFXOyluwi48klzGoQ6ZVsf5%2BozamNUR2a0krgdjkyLEOn07forf3Gdm%2F3tT1vxfskP42fTManssmIiovD47V6iBfD6t2aWPJhOlEmGARKQmTlmE25s6SPfx2mRQUDIKVS1ihVN8J9kAIbygL%2Bn4jlDTr3TStRTCqhdpQZKphR8vXL%2B%2FQ%3D%3D--vOjKM81Wp5aPdYSm--IHgKdHltxz%2BYpkkFYkcJyw%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax set-cookie: _octo=GH1.1.2025697481.1753227791; Path=/; Domain=github.com; Expires=Wed, 22 Jul 2026 23:43:11 GMT; Secure; SameSite=Lax set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Wed, 22 Jul 2026 23:43:11 GMT; HttpOnly; Secure; SameSite=Lax x-github-request-id: ED02:3CF5A2:1CB442:27A5CD:6880220F GitHub Advisory Database · GitHub

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,242
Composer 4,809
Erlang 36
GitHub Actions 31
Go 2,393
Maven 5,777
npm 4,026
NuGet 720
pip 3,818
Pub 12
RubyGems 932
Rust 988
Swift 38

Unreviewed advisories

All unreviewed 263,459

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

23,242 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Ollama vulnerable to Cross-Domain Token Exposure Moderate

CVE-2025-51471 was published for github.com/ollama/ollama (Go) Jul 22, 2025

Aim vulnerable to Cross-site Scripting Moderate

CVE-2025-51464 was published for aim (pip) Jul 22, 2025

Dagster Local File Inclusion vulnerability Moderate

CVE-2025-51481 was published for dagster (pip) Jul 22, 2025

Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources High

CVE-2025-53942 was published for goauthentik.io (Go) Jul 22, 2025

Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High

CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025

Femanager extension for TYPO3 allows Insecure Direct Object Reference Moderate

CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025

Powermail extension for TYPO3 allows Insecure Direct Object Reference Moderate

CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025

`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write High

CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025

HAX CMS application pages vulnerable to clickjacking Moderate

CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025

LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE High

CVE-2025-54138 was published for librenms/librenms (Composer) Jul 21, 2025

NodeJS version of the HAX CMS application is distributed with Default Secrets High

CVE-2025-54137 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025

HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High

CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025

NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting High

CVE-2025-54128 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025

NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access Critical

CVE-2025-54127 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025

Nokogiri patches vendored libxml2 to resolve multiple CVEs Critical

GHSA-353f-x4gh-cqq8 was published for nokogiri (RubyGems) Jul 21, 2025

Starlette has possible denial-of-service vector when parsing large files in multipart forms Moderate

CVE-2025-54121 was published for starlette (pip) Jul 21, 2025

Dolibarr has Remote Code Execution Vulnerability (Bypass) High

GHSA-49xw-hw94-fmv2 was published for dolibarr/dolibarr (Composer) Jul 21, 2025

RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs High

GHSA-c5qx-p38x-qf5w was published for RageAgainstThePixel/setup-steamcmd (GitHub Actions) Jul 21, 2025

buildalon/setup-steamcmd leaked authentication token in job output logs High

GHSA-mj96-mh85-r574 was published for buildalon/setup-steamcmd (GitHub Actions) Jul 21, 2025

nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical

CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025

form-data uses unsafe random function in form-data for choosing boundary Critical

CVE-2025-7783 was published for form-data (npm) Jul 21, 2025

Alchemy Non-SMA and Webauthn Account Security Advisory High

GHSA-56r6-ccm5-8hg3 was published for @account-kit/smart-contracts (npm) Jul 21, 2025

@translated/lara-mcp vulnerable to command injection in import_tmx tool High

CVE-2025-53832 was published for @translated/lara-mcp (npm) Jul 21, 2025

Cadwyn vulnerable to XSS on the docs page Low

CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025

Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access High

CVE-2025-50151 was published for org.apache.jena:jena (Maven) Jul 21, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Footer

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.

HOME
ABOUT
AUCTIONS
SHIPPING
FEES
TOOLS
HOW
FAQ
CONTACT

Original Source | Taken Source