GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21,908 advisories
Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
High
CVE-2025-30358
was published
for
mesop
(pip)
Mar 27, 2025
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Moderate
CVE-2025-27793
was published
for
vega
(npm)
Mar 27, 2025
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
Moderate
CVE-2025-26619
was published
for
vega
(npm)
Mar 27, 2025
Directus's webhook trigger flows can leak sensitive data
High
CVE-2025-30353
was published
for
directus
(npm)
Mar 26, 2025
Directus `search` query parameter allows enumeration of non permitted fields
Moderate
CVE-2025-30352
was published
for
directus
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of HEAD requests
Moderate
CVE-2025-30350
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of malformed transformations
Moderate
CVE-2025-30225
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Frappe has possibility of SQL injection due to improper validations
Moderate
CVE-2025-30217
was published
for
frappe
(pip)
Mar 26, 2025
Vite bypasses server.fs.deny when using ?raw??
Moderate
CVE-2025-30208
was published
for
vite
(npm)
Mar 25, 2025
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
High
CVE-2025-1097
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ProTip!
Advisories are also available from the
GraphQL API