GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,296 advisories
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-43407
was published
for
ckeditor/ckeditor
(Composer)
Aug 21, 2024
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
Directus allows updates to non-allowed fields due to overlapping policies
Moderate
CVE-2025-27089
was published
for
@directus/api
(npm)
Feb 19, 2025
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Moderate
CVE-2025-27098
was published
for
@graphql-mesh/cli
(npm)
Feb 16, 2023
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter
Moderate
CVE-2025-27143
was published
for
better-auth
(npm)
Feb 24, 2025
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
Moderate
CVE-2025-27097
was published
for
@graphql-mesh/runtime
(npm)
Oct 10, 2023
Manifest Uses a One-Way Hash without a Salt
Moderate
CVE-2025-27408
was published
for
manifest
(npm)
Mar 3, 2025
Froala Editor Cross-site Scripting vulnerability
Moderate
CVE-2023-41592
was published
for
froala-editor
(Composer)
Sep 15, 2023
Froala WYSIWYG editor allows cross-site scripting (XSS)
Moderate
CVE-2024-51434
was published
for
froala-editor
(Composer)
Nov 8, 2024
Duplicate Advisory: Improper access control in Directus
Moderate
GHSA-q83v-hq3j-4pq3
was published
for
directus
(npm)
Aug 15, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API