GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,120 advisories
Hexo `include_code` has a path traversal
High
CVE-2023-39584
was published
for
hexo
(npm)
Sep 8, 2023
Directus incorrectly handles `_in` filter
High
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
High
CVE-2025-58358
was published
for
mcp-markdownify-server
(npm)
Sep 2, 2025
Mermaid improperly sanitizes sequence diagram labels leading to XSS
Moderate
CVE-2025-54881
was published
for
mermaid
(npm)
Aug 19, 2025
utils-extend Prototype Pollution
Critical
CVE-2024-57077
was published
for
utils-extend
(npm)
Feb 6, 2025
nodemailer ReDoS when trying to send a specially crafted email
Moderate
GHSA-9h6g-pr28-7cqp
was published
for
nodemailer
(npm)
Jan 31, 2024
useragent Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26311
was published
for
useragent
(npm)
Oct 26, 2024
domain-suffix RegEx Denial of Service
High
CVE-2024-25354
was published
for
domain-suffix
(npm)
Mar 28, 2024
Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Moderate
CVE-2025-57752
was published
for
next
(npm)
Aug 29, 2025
parse-uri Regular expression Denial of Service (ReDoS)
Moderate
CVE-2024-36751
was published
for
parse-uri
(npm)
Jan 16, 2025
Spoofing attack in swagger-ui
Moderate
CVE-2018-25031
was published
for
org.webjars:swagger-ui
(Maven)
Mar 12, 2022
Malicious versions of Nx were published
Critical
GHSA-cxm3-wv7p-598c
was published
for
@nx/devkit
(npm)
Aug 27, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173
was published
for
next
(npm)
Aug 29, 2025
devalue prototype pollution vulnerability
High
CVE-2025-57820
was published
for
devalue
(npm)
Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-hmfr-rx46-4jx2
was published
for
@escape.tech/graphql-armor-max-depth
(npm)
Aug 26, 2025
ProTip!
Advisories are also available from the
GraphQL API