GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,960 advisories
Directus's webhook trigger flows can leak sensitive data
High
CVE-2025-30353
was published
for
directus
(npm)
Mar 26, 2025
Directus `search` query parameter allows enumeration of non permitted fields
Moderate
CVE-2025-30352
was published
for
directus
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of HEAD requests
Moderate
CVE-2025-30350
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of malformed transformations
Moderate
CVE-2025-30225
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Vite bypasses server.fs.deny when using ?raw??
Moderate
CVE-2025-30208
was published
for
vite
(npm)
Mar 25, 2025
Parse Server has an OAuth login vulnerability
Moderate
CVE-2025-30168
was published
for
parse-server
(npm)
Mar 21, 2025
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
Nuxt allows DOS via cache poisoning with payload rendering response
High
CVE-2025-27415
was published
for
nuxt
(npm)
Mar 19, 2025
Fast-JWT Improperly Validates iss Claims
Moderate
CVE-2025-30144
was published
for
fast-jwt
(npm)
Mar 19, 2025
Flowise allows arbitrary file write to RCE
Critical
GHSA-8vvx-qvq9-5948
was published
for
flowise
(npm)
Mar 14, 2025
nest allows a remote attacker to execute arbitrary code via the Content-Type header
Moderate
CVE-2024-29409
was published
for
@nestjs/common
(npm)
Mar 14, 2025
ProTip!
Advisories are also available from the
GraphQL API