Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,956 advisories

Loading
AngularJS Incomplete Filtering of Special Elements vulnerability Moderate
CVE-2025-2336 was published for angular-sanitize (npm) Jun 4, 2025
Multer vulnerable to Denial of Service via unhandled exception High
CVE-2025-48997 was published for multer (npm) Jun 5, 2025
bjohansebas ctcpip
Markiz9999 UlisesGascon wesleytodd LinusU
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint Moderate
CVE-2025-48996 was published for @haxtheweb/open-apis (npm) Jun 5, 2025
23younesm
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies High
CVE-2025-48947 was published for @auth0/nextjs-auth0 (npm) Jun 4, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Moderate
CVE-2025-30360 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
path-to-regexp contains a ReDoS High
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
goshop4eva dloetzke
tar-fs can extract outside the specified dir with a specific tarball High
CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025
Information exposure in Next.js dev server due to lack of origin verification Low
CVE-2025-48068 was published for next (npm) May 28, 2025
sapphi-red R4356th
Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
darrachequesne G-Rath
decsecre583
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
decsecre583
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass High
CVE-2025-32442 was published for fastify (npm) Apr 18, 2025
Linkster78 climba03003
mcollina Eomm jsumners
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
khoiminhvo32 derrickmehaffy
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function Moderate
CVE-2025-5276 was published for mcp-markdownify-server (npm) May 29, 2025
Markdownify MCP Server allows attackers to read arbitrary files Moderate
CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
Remote code execution via the `pretty` option. Moderate
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
image-size Denial of Service via Infinite Loop during Image Processing High
GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) Apr 2, 2025
dellalibera TheFrankemon
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content Low
CVE-2025-46653 was published for formidable (npm) Apr 26, 2025
qwilr-altonius diego-santacruz
IPC messages delivered to the wrong frame in Electron Moderate
CVE-2020-26272 was published for electron (npm) Jan 28, 2021
nornagon decsecre583
Marked allows Regular Expression Denial of Service (ReDoS) attacks Moderate
CVE-2018-25110 was published for marked (npm) May 23, 2025
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Moderate
CVE-2025-48054 was published for radashi (npm) May 27, 2025
arkark aleclarson
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database