GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,127 advisories
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Critical
CVE-2025-55746
was published
for
@directus/api
(npm)
Aug 20, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
cipher-base is missing type checks, leading to hash rewind and passing on crafted data
Critical
CVE-2025-9287
was published
for
cipher-base
(npm)
Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data
Critical
CVE-2025-9288
was published
for
sha.js
(npm)
Aug 21, 2025
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Moderate
CVE-2025-57753
was published
for
vite-plugin-static-copy
(npm)
Aug 21, 2025
@musistudio/claude-code-router has improper CORS configuration
High
CVE-2025-57755
was published
for
@musistudio/claude-code-router
(npm)
Aug 21, 2025
request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1
Moderate
CVE-2025-57814
was published
for
request-filtering-agent
(npm)
Aug 25, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-hmfr-rx46-4jx2
was published
for
@escape.tech/graphql-armor-max-depth
(npm)
Aug 26, 2025
devalue prototype pollution vulnerability
High
CVE-2025-57820
was published
for
devalue
(npm)
Aug 26, 2025
Malicious versions of Nx were published
Critical
GHSA-cxm3-wv7p-598c
was published
for
@nx/devkit
(npm)
Aug 27, 2025
Next.js Improper Middleware Redirect Handling Leads to SSRF
Moderate
CVE-2025-57822
was published
for
next
(npm)
Aug 29, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173
was published
for
next
(npm)
Aug 29, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Moderate
CVE-2025-57752
was published
for
next
(npm)
Aug 29, 2025
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
High
CVE-2025-58358
was published
for
mcp-markdownify-server
(npm)
Sep 2, 2025
ProTip!
Advisories are also available from the
GraphQL API