GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,365 advisories
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
Critical
CVE-2025-54576
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Jul 30, 2025
BentoML SSRF Vulnerability in File Upload Processing
Critical
CVE-2025-54381
was published
for
bentoml
(pip)
Jul 29, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
billboard.js allows prototype pollution via the function generate
Critical
CVE-2025-49223
was published
for
billboard.js
(npm)
Jun 4, 2025
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
tj-actions/branch-names has a Command Injection Vulnerability
Critical
CVE-2025-54416
was published
for
tj-actions/branch-names
(GitHub Actions)
Jul 25, 2025
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Critical
GHSA-75jv-vfxf-3865
was published
for
assemblyline-service-client
(pip)
Jul 25, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability
Critical
CVE-2025-54082
was published
for
manogi/nova-tiptap
(Composer)
Jul 21, 2025
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Critical
CVE-2025-54127
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jul 21, 2025
form-data uses unsafe random function in form-data for choosing boundary
Critical
CVE-2025-7783
was published
for
form-data
(npm)
Jul 21, 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Critical
CVE-2025-24813
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 10, 2025
ProTip!
Advisories are also available from the
GraphQL API