Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,596 advisories

Loading
Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass High
CVE-2025-32442 was published for fastify (npm) Apr 18, 2025
Linkster78 climba03003
mcollina Eomm jsumners
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
image-size Denial of Service via Infinite Loop during Image Processing High
GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) Apr 2, 2025
dellalibera TheFrankemon
Multer vulnerable to Denial of Service from maliciously crafted requests High
CVE-2025-47944 was published for multer (npm) May 19, 2025
max-mathieu wesleytodd
ctcpip UlisesGascon marco-ippolito jonchurch
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
Connect-Multiparty allows arbitrary file upload High
CVE-2022-29623 was published for connect-multiparty (npm) May 17, 2022
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File High
CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025
pcreager23
OpenPGP.js's message signature verification can be spoofed High
CVE-2025-47934 was published for openpgp (npm) May 19, 2025
CodeanIO
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm G-Rath
code-server's session cookie can be extracted by having user visit specially crafted proxy URL High
CVE-2025-47269 was published for code-server (npm) May 9, 2025
Markdownify subject to Remote Code Execution via malicious markdown file High
CVE-2022-41709 was published for electron-markdownify (npm) Oct 19, 2022
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
kevinroh-okta
Homograph attack allows Unicode lookalike characters to bypass validation. High
CVE-2025-27611 was published for base-x (npm) Apr 30, 2025
steveluscher john-s4d
qs vulnerable to Prototype Pollution High
CVE-2022-24999 was published for qs (npm) Nov 27, 2022
dougwilson
React Router allows pre-render data spoofing on React-Router framework mode High
CVE-2025-43865 was published for react-router (npm) Apr 24, 2025
cold-try mhassan1
React Router allows a DoS via cache poisoning by forcing SPA mode High
CVE-2025-43864 was published for react-router (npm) Apr 24, 2025
cold-try
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF High
CVE-2024-4367 was published for pdfjs-dist (npm) May 7, 2024
ThomasRinsma
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
tRPC 11 WebSocket DoS Vulnerability High
CVE-2025-43855 was published for @trpc/server (npm) Apr 24, 2025
lukechilds
PostHog Plugin Server SQL Injection Vulnerability High
CVE-2025-1520 was published for @posthog/plugin-server (npm) Apr 23, 2025
ses's global contour bindings leak into Compartment lexical scope High
CVE-2025-32792 was published for ses (npm) Apr 18, 2025
mingijunggrape michaelfig
mhofman kriskowal
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
GHSA-5ccf-884p-4jjq was published for open-webui (npm) Mar 20, 2025
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service High
CVE-2021-35065 was published for glob-parent (npm) Jul 18, 2022
cowsrule wejendorp
wwuck paulmillr BGehrels
js-object-utilities Vulnerable to Prototype Pollution High
CVE-2025-28269 was published for js-object-utilities (npm) Apr 7, 2025
tariqhawis
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database