GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Passbolt Browser Extension leaks password information Moderate
CVE-2024-33669 was published for passbolt-browser-extension (npm) Apr 26, 2024
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer Moderate
CVE-2025-50183 was published for @openlist-frontend/openlist-frontend (npm) Jun 18, 2025
zyk2507 cxw620
jyxjjj
Withdrawn Advisory: Lunary information disclosure vulnerability Moderate
CVE-2024-6867 was published for lunary (npm) Sep 13, 2024 withdrawn
hughcrt
Withdrawn Advisory: Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for @lunary/backend (npm) Sep 13, 2024 withdrawn
hughcrt
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
lkuechler
Stage.js DOM Clobbering vulnerability Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
DOMPurify allows Cross-site Scripting (XSS) Moderate
CVE-2025-26791 was published for dompurify (npm) Feb 14, 2025
julianladisch
Electron vulnerable to Heap Buffer Overflow in NativeImage Moderate
CVE-2024-46993 was published for electron (npm) Jun 30, 2025
francobel
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests Moderate
CVE-2025-49595 was published for n8n (npm) Jul 3, 2025
pfelilpe LucianoSorrentino95
agustedone ivov ffaggiani
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript Moderate
CVE-2025-48939 was published for tarteaucitronjs (npm) Jul 3, 2025
Rudloff
Cloudflare Vite plugin exposes secrets over the built-in dev server Moderate
GHSA-4pfg-2mw5-f8jx was published for @cloudflare/vite-plugin (npm) Jul 8, 2025
Cherry
n8n is vulnerable to Improper Authorization through its `/stop` endpoint Moderate
CVE-2025-52554 was published for n8n (npm) Jul 3, 2025
pfelilpe MarcL
LucianoSorrentino95 agustedone ffaggiani
taro-css-to-react-native Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
Parse Server exposes the data schema via GraphQL API Moderate
CVE-2025-53364 was published for parse-server (npm) Jul 10, 2025
mtrezza Moumouls
@pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation Moderate
CVE-2025-53626 was published for @pdfme/common (npm) Jul 10, 2025
arkark
Better Call routing bug can lead to Cache Deception Moderate
GHSA-hq75-xg7r-rx6c was published for better-call (npm) Jul 11, 2025
mwlik
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged Moderate
CVE-2025-53885 was published for directus (npm) Jul 15, 2025
Directus tokens are not redacted in flow logs, exposing session credentials to all admin Moderate
CVE-2025-53886 was published for directus (npm) Jul 15, 2025
licitdev
Directus' exact version number is exposed by the OpenAPI Spec Moderate
CVE-2025-53887 was published for directus (npm) Jul 15, 2025
br41nslug
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows Moderate
CVE-2025-53889 was published for directus (npm) Jul 15, 2025
licitdev
DiracX-Web is vulnerable to attack through an Open Redirect on its login page Moderate
CVE-2025-54066 was published for @dirac-grid/diracx-web-components (npm) Jul 17, 2025
Robin-Van-de-Merghel
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes Moderate
CVE-2025-53892 was published for @intlify/core (npm) Jul 16, 2025
luoingly
ProTip! Advisories are also available from the GraphQL API