Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,472
Erlang
33
GitHub Actions
24
Go
2,195
Maven
5,000+
npm
3,841
NuGet
696
pip
3,632
Pub
12
RubyGems
911
Rust
910
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,841 advisories

Loading
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins Moderate
CVE-2025-2598 was published for aws-cdk (npm) Mar 21, 2025
Parse Server has an OAuth login vulnerability Moderate
CVE-2025-30168 was published for parse-server (npm) Mar 21, 2025
tiaod dblythy
mtrezza
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
CVE-2024-9840 was published for open-webui (npm) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12534 was published for open-webui (npm) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
Nuxt allows DOS via cache poisoning with payload rendering response High
CVE-2025-27415 was published for nuxt (npm) Mar 19, 2025
cold-try
Fast-JWT Improperly Validates iss Claims Moderate
CVE-2025-30144 was published for fast-jwt (npm) Mar 19, 2025
tibrn
jsPDF Bypass Regular Expression Denial of Service (ReDoS) High
CVE-2025-29907 was published for jspdf (npm) Mar 18, 2025
Uptime Kuma ReDoS vulnerability Moderate
CVE-2025-26042 was published for uptime-kuma (npm) Mar 17, 2025
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection Low
CVE-2025-1398 was published for mattermost-desktop (npm) Mar 17, 2025
JS Html Sanitizer allows XSS when used with contentEditable Moderate
CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) Mar 14, 2025
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
In Azle, calling `setTimer` causes infinite loop of timers High
CVE-2025-29776 was published for azle (npm) Mar 14, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
Prototype Pollution Vulnerability in parse-git-config High
CVE-2025-25975 was published for parse-git-config (npm) Mar 12, 2025
Malayke
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups Moderate
CVE-2025-27789 was published for @babel/helpers (npm) Mar 11, 2025
mmmsssttt404 JLHwung
nicolo-ribaudo
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
GHSA-w7f9-wqc4-3wxr was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
canvg Prototype Pollution vulnerability High
CVE-2025-25977 was published for canvg (npm) Mar 10, 2025
mprins lironhl-geox
Vue I18n Allows Prototype Pollution in `handleFlatJson` High
CVE-2025-27597 was published for @intlify/core (npm) Mar 7, 2025
mestrtee
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page Moderate
CVE-2025-27506 was published for nocodb (npm) Mar 6, 2025
xL34K3D gabrielott
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database