Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,127 advisories

Loading
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS) High
CVE-2025-8101 was published for linkifyjs (npm) Jul 26, 2025
saip007
billboard.js allows prototype pollution via the function generate Critical
CVE-2025-49223 was published for billboard.js (npm) Jun 4, 2025
saip-loginsoft
on-headers is vulnerable to http response header manipulation Low
CVE-2025-7339 was published for on-headers (npm) Jul 17, 2025
ctcpip jonchurch
SPodjasek UlisesGascon sheplu Zen-cronic
GitProxy Hidden Commits Injection High
CVE-2025-54586 was published for @finos/git-proxy (npm) Jul 30, 2025
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE High
CVE-2025-34146 was published for @nyariv/sandboxjs (npm) Jul 31, 2025
JLLeitschuh
GitProxy Approval Bypass When Pushing Multiple Branches High
CVE-2025-54583 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
GitProxy Backfile Parsing Exploit High
CVE-2025-54584 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
webfinger.js Blind SSRF Vulnerability Moderate
CVE-2025-54590 was published for webfinger.js (npm) Jul 28, 2025
orihjfrog silverbucket
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter Low
CVE-2025-43712 was published for generator-jhipster (npm) Jul 25, 2025 withdrawn
Koa Open Redirect via Referrer Header (User-Controlled) Low
CVE-2025-8129 was published for koa (npm) Jul 29, 2025
NinjaGPT zast-ai
fengmk2
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
dellalibera
@stryker-mutator/util vulnerable to Prototype Pollution High
CVE-2024-57085 was published for @stryker-mutator/util (npm) Feb 6, 2025
saip-loginsoft saip007
IPX Allows Path Traversal via Prefix Matching Bypass Moderate
CVE-2025-54387 was published for ipx (npm) Aug 4, 2025
dellalibera
Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access High
CVE-2025-54794 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
Claude Code echo command allowed bypass of user approval prompt for command execution High
CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
js-toml Prototype Pollution Vulnerability High
CVE-2025-54803 was published for js-toml (npm) Aug 4, 2025
siunam321
Duplicate Advisory: Uptime Kuma ReDoS vulnerability Moderate
GHSA-3rw8-4xrq-3f7p was published for uptime-kuma (npm) Mar 17, 2025 withdrawn
marcschaeferger
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-26042 was published for uptime-kuma (npm) Mar 31, 2025
ShiyuBanzhou
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter Low
CVE-2025-54798 was published for tmp (npm) Aug 6, 2025
dellalibera
The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended Moderate
CVE-2025-54885 was published for thinbus-srp (npm) Aug 6, 2025
SvenSchindler
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
Astros's duplicate trailing slash feature leads to an open redirection security issue Moderate
CVE-2025-54793 was published for astro (npm) Aug 7, 2025
ghiyastfarisi ascorbic
ematipico
@fedify/fedify has Improper Authentication and Incorrect Authorization High
CVE-2025-54888 was published for @fedify/fedify (npm) Aug 8, 2025
allouis dahlia
The AuthKit React Router Library rendered sensitive auth data in HTML High
CVE-2025-55008 was published for @workos-inc/authkit-react-router (npm) Aug 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database