Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,250 advisories

Loading
@account-kit/smart-contracts Allowlist Module Bypass Vulnerability Moderate
GHSA-wfm2-rq5g-f8v5 was published for @account-kit/smart-contracts (npm) Apr 29, 2025
howydev
n8n Vulnerable to Stored XSS through Attachments View Endpoint Moderate
CVE-2025-46343 was published for n8n (npm) Apr 28, 2025
Mahmoud0x00
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-733v-p3h5-qpq7 was published for @escape.tech/graphql-armor-cost-limit (npm) Apr 25, 2025
M0ngi EvertEt
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting Moderate
CVE-2024-47829 was published for pnpm (npm) Apr 23, 2025
kexinoh
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
Permission policy information leakage in Backstage permission system Moderate
CVE-2025-32791 was published for @backstage/plugin-permission-backend (npm) Apr 16, 2025
jquery-validation vulnerable to Cross-site Scripting Moderate
CVE-2025-3573 was published for jquery-validation (npm) Apr 15, 2025
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed Moderate
CVE-2025-32997 was published for http-proxy-middleware (npm) Apr 15, 2025
sealonohana
http-proxy-middleware can call writeBody twice because "else if" is not used Moderate
CVE-2025-32996 was published for http-proxy-middleware (npm) Apr 15, 2025
sealonohana
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params Moderate
CVE-2025-32388 was published for @sveltejs/kit (npm) Apr 14, 2025
kkarikos Rich-Harris
dominikg dummdidumm
Directus inserts access token from query string into logs Moderate
CVE-2024-47822 was published for @directus/api (npm) Apr 14, 2025
licitdev
Vite has an `server.fs.deny` bypass with an invalid `request-target` Moderate
CVE-2025-32395 was published for vite (npm) Apr 11, 2025
do9gy-msec sw0rd1ight
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function Moderate
CVE-2025-32379 was published for koa (npm) Apr 9, 2025
linhnph05
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation Moderate
CVE-2025-32029 was published for @apeleghq/asn1-der (npm) Apr 7, 2025
estree-util-value-to-estree allows prototype pollution in generated ESTree Moderate
CVE-2025-32014 was published for estree-util-value-to-estree (npm) Apr 7, 2025
remcohaszing
FlowiseDB vulnerable to SQL Injection by authenticated users Moderate
GHSA-9c4c-g95m-c8cp was published for flowise (npm) Apr 7, 2025
Tribal1012
tarteaucitron.js allows url scheme injection via unfiltered inputs Moderate
CVE-2025-31476 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
tarteaucitron.js allows prototype pollution via custom text injection Moderate
CVE-2025-31475 was published for tarteaucitronjs (npm) Apr 7, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection Moderate
CVE-2025-31138 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
Vite allows server.fs.deny to be bypassed with .svg or relative paths Moderate
CVE-2025-31486 was published for vite (npm) Apr 4, 2025
HSwift Iuhsssss
kikayli sw0rd1ight do9gy-msec Onetpaer
expand-object Vulnerable to Prototype Pollution via the expand() Function Moderate
CVE-2025-3197 was published for expand-object (npm) Apr 4, 2025
Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS Moderate
GHSA-929m-phjg-qwcc was published for mathlive (npm) Apr 1, 2025 withdrawn
aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct Moderate
GHSA-qq4x-c6h6-rfxh was published for aws-cdk-lib (npm) Mar 31, 2025
gifplayer XSS vulnerability Moderate
CVE-2025-31128 was published for gifplayer (npm) Mar 31, 2025
Rudloff
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query Moderate
CVE-2025-31125 was published for vite (npm) Mar 31, 2025
Iuhsssss
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database