GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,004 advisories
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
billboard.js allows prototype pollution via the function generate
Critical
CVE-2025-49223
was published
for
billboard.js
(npm)
Jun 4, 2025
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Critical
CVE-2025-54127
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jul 21, 2025
form-data uses unsafe random function in form-data for choosing boundary
Critical
CVE-2025-7783
was published
for
form-data
(npm)
Jul 21, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical
CVE-2025-53624
was published
for
docusaurus-plugin-content-gists
(npm)
Jul 9, 2025
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
Critical
CVE-2025-53620
was published
for
@builder.io/qwik-city
(npm)
Jul 9, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical
CVE-2025-49596
was published
for
@modelcontextprotocol/inspector
(npm)
Jun 13, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys
Critical
CVE-2025-6547
was published
for
pbkdf2
(npm)
Jun 23, 2025
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Critical
CVE-2025-6545
was published
for
pbkdf2
(npm)
Jun 23, 2025
samlify SAML Signature Wrapping attack
Critical
CVE-2025-47949
was published
for
samlify
(npm)
May 19, 2025
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Critical
CVE-2025-31477
was published
for
@tauri-apps/plugin-shell
(npm)
Apr 2, 2025
ProTip!
Advisories are also available from the
GraphQL API