Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,247 advisories

Loading
AngularJS Incomplete Filtering of Special Elements vulnerability Moderate
CVE-2025-2336 was published for angular-sanitize (npm) Jun 4, 2025
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint Moderate
CVE-2025-48996 was published for @haxtheweb/open-apis (npm) Jun 5, 2025
23younesm
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Moderate
CVE-2025-30360 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
khoiminhvo32 derrickmehaffy
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function Moderate
CVE-2025-5276 was published for mcp-markdownify-server (npm) May 29, 2025
Markdownify MCP Server allows attackers to read arbitrary files Moderate
CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
Remote code execution via the `pretty` option. Moderate
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
IPC messages delivered to the wrong frame in Electron Moderate
CVE-2020-26272 was published for electron (npm) Jan 28, 2021
nornagon decsecre583
Marked allows Regular Expression Denial of Service (ReDoS) attacks Moderate
CVE-2018-25110 was published for marked (npm) May 23, 2025
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Moderate
CVE-2025-48054 was published for radashi (npm) May 27, 2025
arkark aleclarson
Cocotais Bot has builtin .echo command injection Moderate
CVE-2025-47948 was published for cocotais-bot (npm) May 19, 2025
Destroyed-Dream
lockfile-lint-api Vulnerable to Incorrect Behavior Order Moderate
CVE-2025-4759 was published for lockfile-lint-api (npm) May 16, 2025
Meteor Affected By Inefficient Regular Expression Complexity Moderate
CVE-2025-4727 was published for meteor (npm) May 16, 2025
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR Moderate
CVE-2024-34343 was published for nuxt (npm) Aug 5, 2024
OhB00
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data Moderate
CVE-2025-47204 was published for bootstrap-multiselect (npm) May 13, 2025
@lumieducation/h5p-server Fails to Sanitize Plain Text Strings Moderate
CVE-2025-47828 was published for @lumieducation/h5p-server (npm) May 11, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect Moderate
GHSA-jqx4-9gpq-rppm was published for @misskey-dev/summaly (npm) May 6, 2025
warriordog
Information Disclosure via Flags override link Moderate
CVE-2025-46332 was published for @vercel/flags (npm) May 2, 2025
Vite's server.fs.deny bypassed with /. for files under project root Moderate
CVE-2025-46565 was published for vite (npm) Apr 30, 2025
chienhm
@cloudflare/workers-oauth-provider PKCE bypass via downgrade attack Moderate
CVE-2025-4144 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025
Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack Moderate
GHSA-vh4h-fvqf-q9wv was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025 withdrawn
@cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
CVE-2025-4143 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025
Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
GHSA-7cp4-jw97-3rc2 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database