Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,596 advisories

Loading
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage High
CVE-2025-59052 was published for @angular/platform-server (npm) Sep 10, 2025
alan-agius4 jelbourn
josephperrott thePunderWoman atscott jkrems
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
CVE-2025-59049 was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
Claude Code rg vulnerability does not protect against approval prompt bypass High
CVE-2025-58764 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware High
CVE-2025-59037 was published for @duckdb/duckdb-wasm (npm) Sep 9, 2025
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server High
CVE-2025-58444 was published for @modelcontextprotocol/inspector (npm) Sep 8, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
Webrecorder packages are vulnerable to XSS through 404 error handling logic High
CVE-2025-58765 was published for @webrecorder/archivewebpage (npm) Sep 10, 2025
Dedal0
N8N's Chat Trigger component is vulnerable to XSS High
CVE-2025-56265 was published for @n8n/n8n-nodes-langchain (npm) Sep 8, 2025
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
Hono's flaw in URL path parsing could cause path confusion High
CVE-2025-58362 was published for hono (npm) Sep 3, 2025
mwlik imenyoo2
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
Hexo `include_code` has a path traversal High
CVE-2023-39584 was published for hexo (npm) Sep 8, 2023
uiolee
Directus incorrectly handles `_in` filter High
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool High
CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025
0xRoyR
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning High
GHSA-ph6w-f82w-28w6 was published for @anthropic-ai/claude-code (npm) Sep 3, 2025
domain-suffix RegEx Denial of Service High
CVE-2024-25354 was published for domain-suffix (npm) Mar 28, 2024
dsimk
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
anlakii
Volto affected by possible DoS by invoking specific URL by anonymous user High
CVE-2025-58047 was published for @plone/volto (npm) Aug 28, 2025
NodeBB SQL Injection vulnerability High
CVE-2025-50979 was published for nodebb (npm) Aug 27, 2025
devalue prototype pollution vulnerability High
CVE-2025-57820 was published for devalue (npm) Aug 26, 2025
apyatko Rich-Harris
dominikg
@musistudio/claude-code-router has improper CORS configuration High
CVE-2025-57755 was published for @musistudio/claude-code-router (npm) Aug 21, 2025
ttttmr
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue High
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
zpbrent
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database