GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Uncaught Exception in fastify-multipart
High
CVE-2021-23597
was published
for
fastify-multipart
(npm)
Feb 11, 2022
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
image-size Denial of Service via Infinite Loop during Image Processing
High
GHSA-m5qc-5hw7-8vg7
was published
for
image-size
(npm)
Apr 2, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools
High
CVE-2025-53107
was published
for
@cyanheads/git-mcp-server
(npm)
Jun 30, 2025
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection
High
CVE-2025-53372
was published
for
node-code-sandbox-mcp
(npm)
Jul 8, 2025
MCP Server Kubernetes vulnerable to command injection in several tools
High
CVE-2025-53355
was published
for
mcp-server-kubernetes
(npm)
Jul 8, 2025
@translated/lara-mcp vulnerable to command injection in import_tmx tool
High
CVE-2025-53832
was published
for
@translated/lara-mcp
(npm)
Jul 21, 2025
mcp-package-docs vulnerable to command injection in several tools
High
CVE-2025-54073
was published
for
mcp-package-docs
(npm)
Aug 5, 2025
ProTip!
Advisories are also available from the
GraphQL API