GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21 advisories
Uncaught Exception in fastify-multipart
High
CVE-2021-23597
was published
for
fastify-multipart
(npm)
Feb 11, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High
CVE-2022-23915
was published
for
Weblate
(pip)
Mar 4, 2022
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Moderate
CVE-2023-26103
was published
for
deno
(Rust)
Apr 3, 2023
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040
was published
for
github.com/swift-server/async-http-client
(Swift)
Jun 7, 2023
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate
CVE-2022-3215
was published
for
github.com/apple/swift-nio
(Swift)
Jun 7, 2023
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
GHSA-277h-px4m-62q8
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Moderate
GHSA-cfqx-f43m-vfh7
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate
GHSA-pf56-h9qf-rxq4
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
image-size Denial of Service via Infinite Loop during Image Processing
High
GHSA-m5qc-5hw7-8vg7
was published
for
image-size
(npm)
Apr 2, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools
High
CVE-2025-53107
was published
for
@cyanheads/git-mcp-server
(npm)
Jun 30, 2025
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection
High
CVE-2025-53372
was published
for
node-code-sandbox-mcp
(npm)
Jul 8, 2025
MCP Server Kubernetes vulnerable to command injection in several tools
High
CVE-2025-53355
was published
for
mcp-server-kubernetes
(npm)
Jul 8, 2025
@translated/lara-mcp vulnerable to command injection in import_tmx tool
High
CVE-2025-53832
was published
for
@translated/lara-mcp
(npm)
Jul 21, 2025
IPX Allows Path Traversal via Prefix Matching Bypass
Moderate
CVE-2025-54387
was published
for
ipx
(npm)
Aug 4, 2025
mcp-package-docs vulnerable to command injection in several tools
High
CVE-2025-54073
was published
for
mcp-package-docs
(npm)
Aug 5, 2025
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Low
CVE-2025-54798
was published
for
tmp
(npm)
Aug 6, 2025
Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers
Moderate
CVE-2025-55152
was published
for
@oakserver/oak
(npm)
Aug 12, 2025
ProTip!
Advisories are also available from the
GraphQL API