Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,596 advisories

Loading
Uniswap Universal Router Incorrect Authorization vulnerability High
CVE-2022-48216 was published for @uniswap/universal-router (npm) Jan 4, 2023
Flowise Vulnerable to SQL Injection via `tableName` Parameter High
CVE-2025-29189 was published for flowise-components (npm) Apr 9, 2025
node-opcua-alarm-condition prototype pollution vulnerability High
CVE-2024-57086 was published for node-opcua-alarm-condition (npm) Feb 6, 2025
axi92
crud-query-parser SQL Injection vulnerability High
CVE-2025-32020 was published for crud-query-parser (npm) Apr 9, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32030 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32031 was published for @apollo/gateway (npm) Apr 7, 2025
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
RDIL FeBe95
bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function High
CVE-2025-3194 was published for bigint-buffer (npm) Apr 4, 2025
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework High
CVE-2025-31119 was published for generator-jhipster-entity-audit (npm) Apr 4, 2025
OmarHawk
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Command injection in smartctl High
CVE-2022-21810 was published for smartctl (npm) Jan 26, 2023
Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers High
CVE-2025-31137 was published for @react-router/express (npm) Apr 1, 2025
cold-try
@alizeait/unflatto Prototype Pollution High
CVE-2024-38988 was published for @alizeait/unflatto (npm) Apr 1, 2025
Duplicate Advisory: @alizeait/unflatto Prototype Pollution via `exports.unflatto` Method High
GHSA-799q-f2px-wx8c was published for @alizeait/unflatto (npm) Mar 28, 2025 withdrawn
alizeait
Redoc Prototype Pollution via `Module.mergeObjects` Component High
CVE-2024-57083 was published for redoc (npm) Mar 28, 2025
depath and cool-path vulnerable to Prototype Pollution via `set()` Method High
CVE-2024-38985 was published for cool-path (npm) Mar 28, 2025
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa maikelvdh
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
is-http2 vulnerable to Improper Input Validation High
CVE-2022-25906 was published for is-http2 (npm) Feb 1, 2023
Directus's webhook trigger flows can leak sensitive data High
CVE-2025-30353 was published for directus (npm) Mar 26, 2025
dzevs
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function High
CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023
nossrf Server-Side Request Forgery (SSRF) High
CVE-2025-2691 was published for nossrf (npm) Mar 23, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12534 was published for open-webui (npm) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database