GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,595 advisories
Prototype Pollution Vulnerability in parse-git-config
High
CVE-2025-25975
was published
for
parse-git-config
(npm)
Mar 12, 2025
Mockoon has a Path Traversal and LFI in the static file serving endpoint
High
GHSA-w7f9-wqc4-3wxr
was published
for
@mockoon/cli
(npm)
Mar 11, 2025
canvg Prototype Pollution vulnerability
High
CVE-2025-25977
was published
for
canvg
(npm)
Mar 10, 2025
Vue I18n Allows Prototype Pollution in `handleFlatJson`
High
CVE-2025-27597
was published
for
@intlify/core
(npm)
Mar 7, 2025
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
High
CVE-2025-27152
was published
for
axios
(npm)
Mar 7, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
High
CVE-2025-27108
was published
for
dom-expressions
(npm)
Feb 25, 2025
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
High
CVE-2025-27109
was published
for
solid-js
(npm)
Feb 25, 2025
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
High
CVE-2025-25283
was published
for
parse-duration
(npm)
Feb 12, 2025
Authentication bypass in @sap/approuter
High
CVE-2025-24876
was published
for
@sap/approuter
(npm)
Feb 11, 2025
node-opcua-alarm-condition prototype pollution vulnerability
High
CVE-2024-57086
was published
for
node-opcua-alarm-condition
(npm)
Feb 6, 2025
@zag-js/core prototype pollution
High
CVE-2024-57079
was published
for
@zag-js/core
(npm)
Feb 6, 2025
@stryker-mutator/util vulnerable to Prototype Pollution
High
CVE-2024-57085
was published
for
@stryker-mutator/util
(npm)
Feb 6, 2025
@rpldy/uploader prototype pollution
High
CVE-2024-57082
was published
for
@rpldy/uploader
(npm)
Feb 6, 2025
@tanstack/form-core prototype pollution
High
CVE-2024-57068
was published
for
@tanstack/form-core
(npm)
Feb 6, 2025
ProTip!
Advisories are also available from the
GraphQL API