Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,127 advisories

Loading
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
JS Html Sanitizer allows XSS when used with contentEditable Moderate
CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) Mar 14, 2025
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Froala WYSIWYG editor allows cross-site scripting (XSS) Moderate
CVE-2024-51434 was published for froala-editor (Composer) Nov 8, 2024
cdupuis
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
In Azle, calling `setTimer` causes infinite loop of timers High
CVE-2025-29776 was published for azle (npm) Mar 14, 2025
Froala Editor Cross-site Scripting vulnerability Moderate
CVE-2023-41592 was published for froala-editor (Composer) Sep 15, 2023
eoftedal cdupuis
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
Vue I18n Allows Prototype Pollution in `handleFlatJson` High
CVE-2025-27597 was published for @intlify/core (npm) Mar 7, 2025
mestrtee
Prototype Pollution in node-jsonpointer Moderate
CVE-2021-23807 was published for jsonpointer (npm) Nov 8, 2021
Prototype pollution in json-pointer Moderate
CVE-2020-7709 was published for json-pointer (Maven) May 10, 2021
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
Manifest Uses a One-Way Hash without a Salt Moderate
CVE-2025-27408 was published for manifest (npm) Mar 3, 2025
prokofitch
tsup DOM Clobbering vulnerability Low
CVE-2024-53384 was published for tsup (npm) Mar 3, 2025
seajs Cross-site Scripting vulnerability Low
CVE-2024-51091 was published for seajs (npm) Mar 3, 2025
mavo DOM Clobbering vulnerability Moderate
CVE-2024-53388 was published for mavo (npm) Mar 3, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO Critical
GHSA-vp58-j275-797x was published for better-auth (npm) Feb 24, 2025
castilho101
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation Moderate
CVE-2025-27097 was published for @graphql-mesh/runtime (npm) Oct 10, 2023
ardatan khell
ejson shell parser in MongoDB Compass maybe bypassed High
CVE-2024-6376 was published for @mongodb-js/connection-form (npm) Jul 1, 2024
mongosh vulnerable to local privilege escalation High
CVE-2025-1756 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character Injection via shell output Low
CVE-2025-1693 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character injection via pasting Moderate
CVE-2025-1692 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to Control Character Injection via autocomplete High
CVE-2025-1691 was published for mongosh (npm) Feb 27, 2025
Withdrawn Advisory: marked cross-site scripting vulnerability Moderate
GHSA-32vw-r77c-gm67 was published for marked (npm) Aug 3, 2020 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database