GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,127 advisories
Directus inserts access token from query string into logs
Moderate
CVE-2024-47822
was published
for
@directus/api
(npm)
Apr 14, 2025
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
js-object-utilities Vulnerable to Prototype Pollution
High
CVE-2025-28269
was published
for
js-object-utilities
(npm)
Apr 7, 2025
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
High
CVE-2021-35065
was published
for
glob-parent
(npm)
Jul 18, 2022
nest allows a remote attacker to execute arbitrary code via the Content-Type header
Moderate
CVE-2024-29409
was published
for
@nestjs/common
(npm)
Mar 14, 2025
cookie accepts cookie name, path, and domain with out of bounds characters
Low
CVE-2024-47764
was published
for
cookie
(npm)
Oct 4, 2024
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params
Moderate
CVE-2025-32388
was published
for
@sveltejs/kit
(npm)
Apr 14, 2025
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
Moderate
CVE-2025-27789
was published
for
@babel/helpers
(npm)
Mar 11, 2025
lite-server vulnerable to Denial of Service
High
CVE-2022-25940
was published
for
lite-server
(Maven)
Dec 20, 2022
ses's global contour bindings leak into Compartment lexical scope
High
CVE-2025-32792
was published
for
ses
(npm)
Apr 18, 2025
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
Moderate
CVE-2024-47829
was published
for
pnpm
(npm)
Apr 23, 2025
tRPC 11 WebSocket DoS Vulnerability
High
CVE-2025-43855
was published
for
@trpc/server
(npm)
Apr 24, 2025
ProTip!
Advisories are also available from the
GraphQL API