Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,114
NuGet
735
pip
3,934
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,295 advisories

Loading
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request Moderate
CVE-2025-57753 was published for vite-plugin-static-copy (npm) Aug 21, 2025
ikkisoft
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page Moderate
CVE-2025-27506 was published for nocodb (npm) Mar 6, 2025
xL34K3D gabrielott
request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1 Moderate
CVE-2025-57814 was published for request-filtering-agent (npm) Aug 25, 2025
ikkisoft
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-hmfr-rx46-4jx2 was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
M0ngi
GraphQL Armor Max-Depth Plugin Bypass via fragment caching Moderate
GHSA-224p-v68g-5g8f was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
Payload does not invalidate JWTs after log out Moderate
CVE-2025-4643 was published for @payloadcms/graphql (npm) Aug 29, 2025
Payload's SQLite adapter Session Fixation vulnerability Moderate
CVE-2025-4644 was published for @payloadcms/graphql (npm) Aug 29, 2025
AiondaDotCom mcp-ssh command injection vulnerability in SSH operations Moderate
CVE-2025-9654 was published for @aiondadotcom/mcp-ssh (npm) Aug 29, 2025
Next.js Content Injection Vulnerability for Image Optimization Moderate
CVE-2025-55173 was published for next (npm) Aug 29, 2025
kristianmagas
Next.js Improper Middleware Redirect Handling Leads to SSRF Moderate
CVE-2025-57822 was published for next (npm) Aug 29, 2025
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for org.webjars:swagger-ui (Maven) Mar 12, 2022
AndrzejBiernacki2010
parse-uri Regular expression Denial of Service (ReDoS) Moderate
CVE-2024-36751 was published for parse-uri (npm) Jan 16, 2025
dsimk
Next.js Affected by Cache Key Confusion for Image Optimization API Routes Moderate
CVE-2025-57752 was published for next (npm) Aug 29, 2025
reddounsf medikoo
useragent Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26311 was published for useragent (npm) Oct 26, 2024
dsimk
nodemailer ReDoS when trying to send a specially crafted email Moderate
GHSA-9h6g-pr28-7cqp was published for nodemailer (npm) Jan 31, 2024
francoatmega dsimk
Mermaid improperly sanitizes sequence diagram labels leading to XSS Moderate
CVE-2025-54881 was published for mermaid (npm) Aug 19, 2025
fourcube sidharthv96
dav1tj aloisklink MermaidChart
Electron has ASAR Integrity Bypass via resource modification Moderate
CVE-2025-55305 was published for electron (npm) Sep 3, 2025
dariushoule
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database