Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,793
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,004
NuGet
720
pip
3,803
Pub
12
RubyGems
927
Rust
985
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,263 advisories

Loading
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation Moderate
CVE-2025-53626 was published for @pdfme/common (npm) Jul 10, 2025
arkark
Parse Server exposes the data schema via GraphQL API Moderate
CVE-2025-53364 was published for parse-server (npm) Jul 10, 2025
mtrezza Moumouls
Cloudflare Vite plugin exposes secrets over the built-in dev server Moderate
GHSA-4pfg-2mw5-f8jx was published for @cloudflare/vite-plugin (npm) Jul 8, 2025
Cherry
n8n is vulnerable to Improper Authorization through its `/stop` endpoint Moderate
CVE-2025-52554 was published for n8n (npm) Jul 3, 2025
pfelilpe MarcL
LucianoSorrentino95 agustedone ffaggiani
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript Moderate
CVE-2025-48939 was published for tarteaucitronjs (npm) Jul 3, 2025
Rudloff
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests Moderate
CVE-2025-49595 was published for n8n (npm) Jul 3, 2025
pfelilpe LucianoSorrentino95
agustedone ivov ffaggiani
Electron vulnerable to Heap Buffer Overflow in NativeImage Moderate
CVE-2024-46993 was published for electron (npm) Jun 30, 2025
francobel
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer Moderate
CVE-2025-50183 was published for @openlist-frontend/openlist-frontend (npm) Jun 18, 2025
zyk2507 cxw620
jyxjjj
pg-promise SQL Injection vulnerability Moderate
CVE-2025-29744 was published for pg-promise (npm) Jun 12, 2025
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
taro-css-to-react-native Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability Moderate
CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
lfgberg odransfield
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint Moderate
CVE-2025-48996 was published for @haxtheweb/open-apis (npm) Jun 5, 2025
23younesm
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Moderate
CVE-2025-30360 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
AngularJS Incomplete Filtering of Special Elements vulnerability Moderate
CVE-2025-2336 was published for angular-sanitize (npm) Jun 4, 2025
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function Moderate
CVE-2025-5276 was published for mcp-markdownify-server (npm) May 29, 2025
Markdownify MCP Server allows attackers to read arbitrary files Moderate
CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
khoiminhvo32 derrickmehaffy
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Moderate
CVE-2025-48054 was published for radashi (npm) May 27, 2025
arkark aleclarson
Marked allows Regular Expression Denial of Service (ReDoS) attacks Moderate
CVE-2018-25110 was published for marked (npm) May 23, 2025
Cocotais Bot has builtin .echo command injection Moderate
CVE-2025-47948 was published for cocotais-bot (npm) May 19, 2025
Destroyed-Dream
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database