GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
Websites were able to send any requests to the development server and read the response in vite
Moderate
CVE-2025-24010
was published
for
vite
(npm)
Jan 21, 2025
esbuild enables any website to send any requests to the development server and read the response
Moderate
GHSA-67mh-4wv8-2f99
was published
for
esbuild
(npm)
Feb 10, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Moderate
CVE-2025-30360
was published
for
webpack-dev-server
(npm)
Jun 4, 2025
ProTip!
Advisories are also available from the
GraphQL API