Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,802
Erlang
36
GitHub Actions
29
Go
2,382
Maven
5,000+
npm
4,015
NuGet
720
pip
3,811
Pub
12
RubyGems
930
Rust
987
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,015 advisories

Loading
OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers Moderate
CVE-2025-54070 was published for @openzeppelin/contracts (npm) Jul 17, 2025
on-headers is vulnerable to http response header manipulation Low
CVE-2025-7339 was published for on-headers (npm) Jul 17, 2025
ctcpip SPodjasek
UlisesGascon Zen-cronic
Multer vulnerable to Denial of Service via unhandled exception from malformed request High
CVE-2025-7338 was published for multer (npm) Jul 17, 2025
ctcpip UlisesGascon
LinusU
DiracX-Web is vulnerable to attack through an Open Redirect on its login page Moderate
CVE-2025-54066 was published for @dirac-grid/diracx-web-components (npm) Jul 17, 2025
Robin-Van-de-Merghel
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes Moderate
CVE-2025-53892 was published for @intlify/core (npm) Jul 16, 2025
luoingly
GitHub Kanban MCP Server vulnerable to Command Injection High
CVE-2025-53818 was published for @sunwood-ai-labs/github-kanban-mcp-server (npm) Jul 15, 2025
lirantal
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows Moderate
CVE-2025-53889 was published for directus (npm) Jul 15, 2025
licitdev
Directus' exact version number is exposed by the OpenAPI Spec Moderate
CVE-2025-53887 was published for directus (npm) Jul 15, 2025
br41nslug
Directus tokens are not redacted in flow logs, exposing session credentials to all admin Moderate
CVE-2025-53886 was published for directus (npm) Jul 15, 2025
licitdev
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged Moderate
CVE-2025-53885 was published for directus (npm) Jul 15, 2025
Better Call routing bug can lead to Cache Deception Moderate
GHSA-hq75-xg7r-rx6c was published for better-call (npm) Jul 11, 2025
mwlik
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation Moderate
CVE-2025-53626 was published for @pdfme/common (npm) Jul 10, 2025
arkark
Parse Server exposes the data schema via GraphQL API Moderate
CVE-2025-53364 was published for parse-server (npm) Jul 10, 2025
mtrezza Moumouls
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token Critical
CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) Jul 9, 2025
webbertakken
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
@clerk/backend Performs Insufficient Verification of Data Authenticity High
CVE-2025-53548 was published for @clerk/astro (npm) Jul 9, 2025
GautierT
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
MCP Server Kubernetes vulnerable to command injection in several tools High
CVE-2025-53355 was published for mcp-server-kubernetes (npm) Jul 8, 2025
dellalibera
Cloudflare Vite plugin exposes secrets over the built-in dev server Moderate
GHSA-4pfg-2mw5-f8jx was published for @cloudflare/vite-plugin (npm) Jul 8, 2025
Cherry
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection High
CVE-2025-53372 was published for node-code-sandbox-mcp (npm) Jul 8, 2025
dellalibera
Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes Low
CVE-2025-53535 was published for better-auth (npm) Jul 7, 2025
mwlik imenyoo2
Next.JS vulnerability can lead to DoS via cache poisoning High
CVE-2025-49826 was published for next (npm) Jul 3, 2025
cold-try
Next.js has a Cache poisoning vulnerability due to omission of the Vary header Low
CVE-2025-49005 was published for next (npm) Jul 3, 2025
n8n is vulnerable to Improper Authorization through its `/stop` endpoint Moderate
CVE-2025-52554 was published for n8n (npm) Jul 3, 2025
pfelilpe MarcL
LucianoSorrentino95 agustedone ffaggiani
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript Moderate
CVE-2025-48939 was published for tarteaucitronjs (npm) Jul 3, 2025
Rudloff
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database