Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,828
Erlang
36
GitHub Actions
33
Go
2,446
Maven
5,000+
npm
4,063
NuGet
723
pip
3,866
Pub
12
RubyGems
943
Rust
1,009
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,064 advisories

Loading
Flowise OS command remote code execution Critical
CVE-2025-8943 was published for flowise (npm) Aug 14, 2025
Flowise JS injection remote code execution Critical
CVE-2025-55346 was published for flowise (npm) Aug 14, 2025
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE High
CVE-2025-55164 was published for content-security-policy-parser (npm) Aug 12, 2025
pnappa EvanHahn
Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers Moderate
CVE-2025-55152 was published for @oakserver/oak (npm) Aug 12, 2025
dellalibera
HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit Low
GHSA-xcxh-6cv4-q8p8 was published for hfs (npm) Aug 12, 2025
ByteAfterlife
The AuthKit Remix Library renders sensitive auth data in HTML High
CVE-2025-55009 was published for @workos-inc/authkit-remix (npm) Aug 8, 2025
The AuthKit React Router Library rendered sensitive auth data in HTML High
CVE-2025-55008 was published for @workos-inc/authkit-react-router (npm) Aug 8, 2025
@fedify/fedify has Improper Authentication and Incorrect Authorization High
CVE-2025-54888 was published for @fedify/fedify (npm) Aug 8, 2025
allouis dahlia
Astros's duplicate trailing slash feature leads to an open redirection security issue Moderate
CVE-2025-54793 was published for astro (npm) Aug 7, 2025
ghiyastfarisi ascorbic
ematipico
The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended Moderate
CVE-2025-54885 was published for thinbus-srp (npm) Aug 6, 2025
SvenSchindler
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
dellalibera
js-toml Prototype Pollution Vulnerability High
CVE-2025-54803 was published for js-toml (npm) Aug 4, 2025
siunam321
Claude Code echo command allowed bypass of user approval prompt for command execution High
CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access High
CVE-2025-54794 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
IPX Allows Path Traversal via Prefix Matching Bypass Moderate
CVE-2025-54387 was published for ipx (npm) Aug 4, 2025
dellalibera
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE High
CVE-2025-34146 was published for @nyariv/sandboxjs (npm) Jul 31, 2025
JLLeitschuh
GitProxy Hidden Commits Injection High
CVE-2025-54586 was published for @finos/git-proxy (npm) Jul 30, 2025
GitProxy New Branch Approval Exploit High
CVE-2025-54585 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
GitProxy Backfile Parsing Exploit High
CVE-2025-54584 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
GitProxy Approval Bypass When Pushing Multiple Branches High
CVE-2025-54583 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
Koa Open Redirect via Referrer Header (User-Controlled) Low
CVE-2025-8129 was published for koa (npm) Jul 29, 2025
NinjaGPT zast-ai
fengmk2
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
webfinger.js Blind SSRF Vulnerability Moderate
CVE-2025-54590 was published for webfinger.js (npm) Jul 28, 2025
orihjfrog silverbucket
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database