Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

998 advisories

Loading
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token Critical
CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) Jul 9, 2025
webbertakken
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
MCP Inspector proxy server lacks authentication between the Inspector client and proxy Critical
CVE-2025-49596 was published for @modelcontextprotocol/inspector (npm) Jun 13, 2025
JLLeitschuh
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
samlify SAML Signature Wrapping attack Critical
CVE-2025-47949 was published for samlify (npm) May 19, 2025
ahacker1-securesaml
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping Critical
CVE-2025-46572 was published for passport-wsfed-saml2 (npm) May 6, 2025
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
Prototype pollution in 101 Critical
CVE-2021-25943 was published for 101 (npm) May 17, 2021
Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 Critical
CVE-2025-32965 was published for xrpl (npm) Apr 22, 2025
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
Insecure default value for CORS configuration Critical
CVE-2022-26969 was published for directus (npm) Apr 5, 2022
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell` Critical
CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025
Rigidity tweidinger
chippers lucasfernog
Remote code execution in simple-git Critical
CVE-2022-25860 was published for simple-git (npm) Jan 26, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try jackwilson323
AWS Amplify CLI has incorrect trust policy management Critical
CVE-2024-28056 was published for @aws-amplify/cli (npm) Apr 15, 2024
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database