GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,960 advisories
undici Denial of Service attack via bad certificate data
Low
CVE-2025-47279
was published
for
undici
(npm)
May 15, 2025
Next.js Race Condition to Cache Poisoning
Low
CVE-2025-32421
was published
for
next
(npm)
May 15, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
High
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Low
CVE-2025-46720
was published
for
@keystone-6/core
(npm)
May 5, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
Vite's server.fs.deny bypassed with /. for files under project root
Moderate
CVE-2025-46565
was published
for
vite
(npm)
Apr 30, 2025
Homograph attack allows Unicode lookalike characters to bypass validation.
High
CVE-2025-27611
was published
for
base-x
(npm)
Apr 30, 2025
@account-kit/smart-contracts Allowlist Module Bypass Vulnerability
Moderate
GHSA-wfm2-rq5g-f8v5
was published
for
@account-kit/smart-contracts
(npm)
Apr 29, 2025
n8n Vulnerable to Stored XSS through Attachments View Endpoint
Moderate
CVE-2025-46343
was published
for
n8n
(npm)
Apr 28, 2025
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Low
CVE-2025-46653
was published
for
formidable
(npm)
Apr 26, 2025
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-733v-p3h5-qpq7
was published
for
@escape.tech/graphql-armor-cost-limit
(npm)
Apr 25, 2025
ProTip!
Advisories are also available from the
GraphQL API