GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,127 advisories
Manifest Uses a One-Way Hash without a Salt
Moderate
CVE-2025-27408
was published
for
manifest
(npm)
Mar 3, 2025
PrismJS DOM Clobbering vulnerability
Moderate
CVE-2024-53382
was published
for
prismjs
(npm)
Mar 3, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user
Low
CVE-2025-27146
was published
for
matrix-appservice-irc
(npm)
Feb 25, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
High
CVE-2025-27108
was published
for
dom-expressions
(npm)
Feb 25, 2025
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
High
CVE-2025-27109
was published
for
solid-js
(npm)
Feb 25, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Critical
GHSA-vp58-j275-797x
was published
for
better-auth
(npm)
Feb 24, 2025
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter
Moderate
CVE-2025-27143
was published
for
better-auth
(npm)
Feb 24, 2025
Directus allows updates to non-allowed fields due to overlapping policies
Moderate
CVE-2025-27089
was published
for
@directus/api
(npm)
Feb 19, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
ProTip!
Advisories are also available from the
GraphQL API