Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,150
Maven
5,000+
npm
3,815
NuGet
690
pip
3,490
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,815 advisories

Loading
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
Manifest Uses a One-Way Hash without a Salt Moderate
CVE-2025-27408 was published for manifest (npm) Mar 3, 2025
prokofitch
seajs Cross-site Scripting vulnerability Low
CVE-2024-51091 was published for seajs (npm) Mar 3, 2025
tsup DOM Clobbering vulnerability Low
CVE-2024-53384 was published for tsup (npm) Mar 3, 2025
mavo DOM Clobbering vulnerability Moderate
CVE-2024-53388 was published for mavo (npm) Mar 3, 2025
Stage.js DOM Clobbering vulnerabilty Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
mongosh vulnerable to local privilege escalation High
CVE-2025-1756 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character Injection via shell output Low
CVE-2025-1693 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character injection via pasting Moderate
CVE-2025-1692 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to Control Character Injection via autocomplete High
CVE-2025-1691 was published for mongosh (npm) Feb 27, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user Low
CVE-2025-27146 was published for matrix-appservice-irc (npm) Feb 25, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO Critical
GHSA-vp58-j275-797x was published for better-auth (npm) Feb 24, 2025
castilho101
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter Moderate
CVE-2025-27143 was published for better-auth (npm) Feb 24, 2025
sumeet-darekar Shivaraj-Kolekar
tarteaucitron Cross-site Scripting (XSS) Low
CVE-2025-1467 was published for tarteaucitronjs (npm) Feb 23, 2025
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package Moderate
CVE-2025-25299 was published for @ckeditor/ckeditor5-real-time-collaboration (npm) Feb 20, 2025
DocsGPT Allows Remote Code Execution Critical
CVE-2025-0868 was published for docsgpt (npm) Feb 20, 2025
Directus allows updates to non-allowed fields due to overlapping policies Moderate
CVE-2025-27089 was published for @directus/api (npm) Feb 19, 2025
hanneskuettner
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25290 was published for @octokit/request (npm) Feb 14, 2025
ShiyuBanzhou MaikelvandenHurk-TomTom
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25289 was published for @octokit/request-error (npm) Feb 14, 2025
ShiyuBanzhou
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25288 was published for @octokit/plugin-paginate-rest (npm) Feb 14, 2025
ShiyuBanzhou MaikelvandenHurk-TomTom
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25285 was published for @octokit/endpoint (npm) Feb 14, 2025
ShiyuBanzhou
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database