Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,123 advisories

Loading
Erxes Incorrect Access Control vulnerability High
CVE-2024-57190 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE High
CVE-2024-34347 was published for @hoppscotch/cli (npm) Apr 22, 2024
oskar-zeinomahmalat-sonarsource mufeedvh
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability Moderate
CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
lfgberg odransfield
Suspended Directus user can continue to use session token to access API Low
CVE-2025-30351 was published for @directus/api (npm) Mar 26, 2025
Multer vulnerable to Denial of Service via memory leaks from unclosed streams High
CVE-2025-47935 was published for multer (npm) May 19, 2025
ctcpip UlisesGascon
UnlimitedBytes
AngularJS Incomplete Filtering of Special Elements vulnerability Moderate
CVE-2025-2336 was published for angular-sanitize (npm) Jun 4, 2025
Multer vulnerable to Denial of Service via unhandled exception High
CVE-2025-48997 was published for multer (npm) Jun 5, 2025
bjohansebas ctcpip
Markiz9999 UlisesGascon wesleytodd LinusU
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint Moderate
CVE-2025-48996 was published for @haxtheweb/open-apis (npm) Jun 5, 2025
23younesm
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies High
CVE-2025-48947 was published for @auth0/nextjs-auth0 (npm) Jun 4, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Moderate
CVE-2025-30360 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
path-to-regexp contains a ReDoS High
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
goshop4eva dloetzke
Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
darrachequesne G-Rath
decsecre583
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
decsecre583
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass High
CVE-2025-32442 was published for fastify (npm) Apr 18, 2025
Linkster78 climba03003
mcollina Eomm jsumners
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
khoiminhvo32 derrickmehaffy
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function Moderate
CVE-2025-5276 was published for mcp-markdownify-server (npm) May 29, 2025
Markdownify MCP Server allows attackers to read arbitrary files Moderate
CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
Remote code execution via the `pretty` option. Moderate
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
image-size Denial of Service via Infinite Loop during Image Processing High
GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) Apr 2, 2025
dellalibera TheFrankemon
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content Low
CVE-2025-46653 was published for formidable (npm) Apr 26, 2025
qwilr-altonius diego-santacruz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database