GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,126 advisories
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
High
CVE-2025-58358
was published
for
mcp-markdownify-server
(npm)
Sep 2, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Moderate
CVE-2025-57752
was published
for
next
(npm)
Aug 29, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173
was published
for
next
(npm)
Aug 29, 2025
Next.js Improper Middleware Redirect Handling Leads to SSRF
Moderate
CVE-2025-57822
was published
for
next
(npm)
Aug 29, 2025
Malicious versions of Nx were published
Critical
GHSA-cxm3-wv7p-598c
was published
for
@nx/devkit
(npm)
Aug 27, 2025
devalue prototype pollution vulnerability
High
CVE-2025-57820
was published
for
devalue
(npm)
Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-hmfr-rx46-4jx2
was published
for
@escape.tech/graphql-armor-max-depth
(npm)
Aug 26, 2025
request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1
Moderate
CVE-2025-57814
was published
for
request-filtering-agent
(npm)
Aug 25, 2025
@musistudio/claude-code-router has improper CORS configuration
High
CVE-2025-57755
was published
for
@musistudio/claude-code-router
(npm)
Aug 21, 2025
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Moderate
CVE-2025-57753
was published
for
vite-plugin-static-copy
(npm)
Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data
Critical
CVE-2025-9288
was published
for
sha.js
(npm)
Aug 21, 2025
cipher-base is missing type checks, leading to hash rewind and passing on crafted data
Critical
CVE-2025-9287
was published
for
cipher-base
(npm)
Aug 21, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
ProTip!
Advisories are also available from the
GraphQL API