GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,355 advisories
Directus Vulnerable to Information Leakage in Existing Collections
Moderate
CVE-2025-64749
was published
for
@directus/api
(npm)
Nov 13, 2025
Directus's conceal fields are searchable if read permissions enabled
Moderate
CVE-2025-64748
was published
for
@directus/api
(npm)
Nov 13, 2025
Directus is Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-64747
was published
for
directus
(npm)
Nov 14, 2025
Directus has Improper Permission Handling on Deleted Fields
Moderate
CVE-2025-64746
was published
for
directus
(npm)
Nov 14, 2025
js-yaml has prototype pollution in merge (<<)
Moderate
CVE-2025-64718
was published
for
js-yaml
(npm)
Nov 14, 2025
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
Moderate
CVE-2025-64525
was published
for
astro
(npm)
Nov 13, 2025
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Moderate
CVE-2025-64502
was published
for
parse-server
(npm)
Nov 13, 2025
XSS in the `of` option of the `.position()` util in jquery-ui
Moderate
CVE-2021-41184
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
Predictable results in nanoid generation when given non-integer values
Moderate
CVE-2024-55565
was published
for
nanoid
(npm)
Dec 9, 2024
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
PostCSS line return parsing error
Moderate
CVE-2023-44270
was published
for
postcss
(npm)
Sep 30, 2023
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Moderate
CVE-2021-23566
was published
for
nanoid
(npm)
Jan 21, 2022
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
Moderate
CVE-2024-6485
was published
for
bootstrap
(npm)
Jul 11, 2024
ProTip!
Advisories are also available from the
GraphQL API