Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,690
Maven
5,000+
npm
4,320
NuGet
760
pip
4,096
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
Directus Vulnerable to Information Leakage in Existing Collections Moderate
CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025
sbstn-k kmzs
Credited to sbstn-k and kmzs
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields Low
CVE-2025-46720 was published for @keystone-6/core (npm) May 5, 2025
emmatown dcousens
Credited to emmatown and dcousens
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
tomato42
Credited to tomato42
Username enumeration attack in goauthentik Moderate
CVE-2023-39522 was published for @goauthentik/api (npm) Aug 29, 2023
markrassamni
Credited to markrassamni
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
Credited to Uzlopak
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime Moderate
CVE-2021-29446 was published for jose-node-cjs-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime Moderate
CVE-2021-29445 was published for jose-node-esm-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime Moderate
CVE-2021-29444 was published for jose-browser-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose Moderate
CVE-2021-29443 was published for jose (npm) Apr 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database