GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,829 advisories

JS Html Sanitizer allows XSS when used with contentEditable Moderate
CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) Mar 14, 2025
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
In Azle, calling `setTimer` causes infinite loop of timers High
CVE-2025-29776 was published for azle (npm) Mar 14, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups Moderate
CVE-2025-27789 was published for @babel/helpers (npm) Mar 11, 2025
mmmsssttt404 JLHwung
nicolo-ribaudo
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
GHSA-w7f9-wqc4-3wxr was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
canvg Prototype Pollution vulnerability High
CVE-2025-25977 was published for canvg (npm) Mar 10, 2025
mprins
Vue I18n Allows Prototype Pollution in `handleFlatJson` High
CVE-2025-27597 was published for @intlify/core (npm) Mar 7, 2025
mestrtee
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page Moderate
CVE-2025-27506 was published for nocodb (npm) Mar 6, 2025
xL34K3D gabrielott
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
Manifest Uses a One-Way Hash without a Salt Moderate
CVE-2025-27408 was published for manifest (npm) Mar 3, 2025
prokofitch
tsup DOM Clobbering vulnerability Low
CVE-2024-53384 was published for tsup (npm) Mar 3, 2025
seajs Cross-site Scripting vulnerability Low
CVE-2024-51091 was published for seajs (npm) Mar 3, 2025
mavo DOM Clobbering vulnerability Moderate
CVE-2024-53388 was published for mavo (npm) Mar 3, 2025
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
lkuechler
Stage.js DOM Clobbering vulnerability Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
mongosh vulnerable to local privilege escalation High
CVE-2025-1756 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character Injection via shell output Low
CVE-2025-1693 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character injection via pasting Moderate
CVE-2025-1692 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to Control Character Injection via autocomplete High
CVE-2025-1691 was published for mongosh (npm) Feb 27, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user Low
CVE-2025-27146 was published for matrix-appservice-irc (npm) Feb 25, 2025
funderscore1
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
ProTip! Advisories are also available from the GraphQL API