GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,296 advisories
Fast-JWT Improperly Validates iss Claims
Moderate
CVE-2025-30144
was published
for
fast-jwt
(npm)
Mar 19, 2025
Parse Server has an OAuth login vulnerability
Moderate
CVE-2025-30168
was published
for
parse-server
(npm)
Mar 21, 2025
Duplicate Advisory: Code injection in Directus
Moderate
GHSA-qf6h-p3mr-vmh5
was published
for
directus
(npm)
Aug 15, 2024
•
withdrawn
Vite bypasses server.fs.deny when using ?raw??
Moderate
CVE-2025-30208
was published
for
vite
(npm)
Mar 25, 2025
Directus `search` query parameter allows enumeration of non permitted fields
Moderate
CVE-2025-30352
was published
for
directus
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of HEAD requests
Moderate
CVE-2025-30350
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of malformed transformations
Moderate
CVE-2025-30225
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Moderate
CVE-2025-27793
was published
for
vega
(npm)
Mar 27, 2025
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Moderate
CVE-2025-31125
was published
for
vite
(npm)
Mar 31, 2025
MathLive's Lack of Escaping of HTML allows for XSS
Moderate
CVE-2025-29049
was published
for
mathlive
(npm)
Jan 21, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate
CVE-2025-31138
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
tarteaucitron.js allows url scheme injection via unfiltered inputs
Moderate
CVE-2025-31476
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
FlowiseDB vulnerable to SQL Injection by authenticated users
Moderate
GHSA-9c4c-g95m-c8cp
was published
for
flowise
(npm)
Apr 7, 2025
estree-util-value-to-estree allows prototype pollution in generated ESTree
Moderate
CVE-2025-32014
was published
for
estree-util-value-to-estree
(npm)
Apr 7, 2025
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
Moderate
CVE-2025-32379
was published
for
koa
(npm)
Apr 9, 2025
ProTip!
Advisories are also available from the
GraphQL API