Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,014 advisories

Loading
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
G-Rath
Flowise JS injection remote code execution Critical
CVE-2025-55346 was published for flowise (npm) Aug 14, 2025
Flowise OS command remote code execution Critical
CVE-2025-8943 was published for flowise (npm) Aug 14, 2025
screenshot-desktop vulnerable to command Injection via `format` option Critical
CVE-2025-55294 was published for screenshot-desktop (npm) Aug 19, 2025
RichardoC bencevans
Directus allows unauthenticated file upload and file modification due to lacking input sanitization Critical
CVE-2025-55746 was published for @directus/api (npm) Aug 20, 2025
r4bbit-r4
sha.js is missing type checks leading to hash rewind and passing on crafted data Critical
CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025
ChALkeR
cipher-base is missing type checks, leading to hash rewind and passing on crafted data Critical
CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025
ChALkeR ljharb
Malicious versions of Nx were published Critical
GHSA-cxm3-wv7p-598c was published for @nx/devkit (npm) Aug 27, 2025
jahredhope tadhglewis
hckhanh TimShilov
utils-extend Prototype Pollution Critical
CVE-2024-57077 was published for utils-extend (npm) Feb 6, 2025
dsimk
CodeceptJS's incomprehensive sanitation can lead to Command Injection Critical
CVE-2025-57285 was published for codeceptjs (npm) Sep 8, 2025
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
MyTrueWallet kurt-r2c
jwilk levpachmanov
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API Critical
CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025
lirantal
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
interactive-git-checkout has a Command Injection vulnerability Critical
CVE-2025-59046 was published for interactive-git-checkout (npm) Sep 10, 2025
lirantal
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database