OSV - Open Source Vulnerabilities

CVE-2025-69288

github.com/kromitgmbh/titra

Titra has Remote Code Execution in Admin Functionality

7 hours ago

Fix available
Severity - 9.1 (Critical)

CVE-2025-69286

github.com/infiniflow/ragflow

RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability

7 hours ago

Fix available
Severity - 8.9 (High)

CVE-2025-68700

github.com/infiniflow/ragflow

RAGFlow Remote Code Execution Vulnerability

8 hours ago

Fix available
Severity - 8.6 (High)

CVE-2025-68131

github.com/agronholm/cbor2

CBORDecoder reuse can leak shareable values across decode calls

yesterday

Fix available
Severity - 5.5 (Medium)

CVE-2025-61594

github.com/ruby/uri

URI Credential Leakage Bypass over CVE-2025-27221

yesterday

Fix available
Severity - 2.7 (Low)

CVE-2025-69261

github.com/wasmedge/wasmedge

WasmEdge integer wrap in MemoryInstance::getSpan()'s memory size check

yesterday

Fix available
Severity - 5.5 (Medium)

CVE-2025-69210

github.com/neorazorx/facturascripts

FacturaScripts vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload

yesterday

Fix available
Severity - 1.2 (Low)

CVE-2025-69256

github.com/serverless/serverless

serverless MCP Server vulnerable to command injection in list-projects tool

yesterday

Fix available
Severity - 7.5 (High)

CVE-2025-68926

github.com/rustfs/rustfs

RustFS has a gRPC Hardcoded Token Authentication Bypass

yesterday

Fix available
Severity - 9.8 (Critical)

CVE-2025-69204

github.com/imagemagick/imagemagick

ImageMagick converting a malicious MVG file to SVG caused an integer overflow.

yesterday

Fix available
Severity - 5.3 (Medium)

CVE-2025-68950

github.com/imagemagick/imagemagick

Magick's failure to limit MVG mutual references forming a loop

yesterday

Fix available
Severity - 4.0 (Medium)

CVE-2025-68618

github.com/imagemagick/imagemagick

Magick's failure to limit the depth of SVG file reads caused a DoS attack.

yesterday

Fix available
Severity - 5.3 (Medium)

CVE-2025-67746

github.com/composer/composer

Composer vulnerable to ANSI sequence injection

yesterday

Fix available
Severity - 1.3 (Low)

CVE-2025-64528

github.com/discourse/discourse

Users are able to find users by name even when `enable_names` is off

yesterday

Fix available
Severity - 6.3 (Medium)

CVE-2023-54326

git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Linux/Kernel

misc: pci_endpoint_test: Free IRQs before removing the device

yesterday

Fix available

CVE-2023-54325

git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Linux/Kernel

crypto: qat - fix out-of-bounds read

yesterday

Fix available