Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,207
Maven
5,000+
npm
3,858
NuGet
696
pip
3,639
Pub
12
RubyGems
913
Rust
918
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,195 advisories

Loading
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] Moderate
CVE-2025-27793 was published for vega (npm) Mar 27, 2025
FallingPineapples hydrosquall
domoritz
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter Moderate
CVE-2025-26619 was published for vega (npm) Mar 27, 2025
kprevas hydrosquall
domoritz mattijn lsh
Directus `search` query parameter allows enumeration of non permitted fields Moderate
CVE-2025-30352 was published for directus (npm) Mar 26, 2025
hanneskuettner moritzgvt
Directus's S3 assets become unavailable after a burst of HEAD requests Moderate
CVE-2025-30350 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela
Directus's S3 assets become unavailable after a burst of malformed transformations Moderate
CVE-2025-30225 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela
Vite bypasses server.fs.deny when using ?raw?? Moderate
CVE-2025-30208 was published for vite (npm) Mar 25, 2025
Ezzer17
GetmeUK ContentTools Cross-Site Scripting (XSS) Moderate
CVE-2025-2699 was published for ContentTools (npm) Mar 24, 2025
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins Moderate
CVE-2025-2598 was published for aws-cdk (npm) Mar 21, 2025
Parse Server has an OAuth login vulnerability Moderate
CVE-2025-30168 was published for parse-server (npm) Mar 21, 2025
tiaod dblythy
mtrezza
Fast-JWT Improperly Validates iss Claims Moderate
CVE-2025-30144 was published for fast-jwt (npm) Mar 19, 2025
tibrn
Uptime Kuma ReDoS vulnerability Moderate
CVE-2025-26042 was published for uptime-kuma (npm) Mar 17, 2025
JS Html Sanitizer allows XSS when used with contentEditable Moderate
CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) Mar 14, 2025
nest allows a remote attacker to execute arbitrary code via the Content-Type header Moderate
CVE-2024-29409 was published for @nestjs/common (npm) Mar 14, 2025
aydinnyunus
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups Moderate
CVE-2025-27789 was published for @babel/helpers (npm) Mar 11, 2025
mmmsssttt404 JLHwung
nicolo-ribaudo
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page Moderate
CVE-2025-27506 was published for nocodb (npm) Mar 6, 2025
xL34K3D gabrielott
Manifest Uses a One-Way Hash without a Salt Moderate
CVE-2025-27408 was published for manifest (npm) Mar 3, 2025
prokofitch
mavo DOM Clobbering vulnerability Moderate
CVE-2024-53388 was published for mavo (npm) Mar 3, 2025
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
lkuechler
Stage.js DOM Clobbering vulnerabilty Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
MongoDB Shell may be susceptible to control character injection via pasting Moderate
CVE-2025-1692 was published for mongosh (npm) Feb 27, 2025
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter Moderate
CVE-2025-27143 was published for better-auth (npm) Feb 24, 2025
sumeet-darekar Shivaraj-Kolekar
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package Moderate
CVE-2025-25299 was published for @ckeditor/ckeditor5-real-time-collaboration (npm) Feb 20, 2025
Directus allows updates to non-allowed fields due to overlapping policies Moderate
CVE-2025-27089 was published for @directus/api (npm) Feb 19, 2025
hanneskuettner
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25290 was published for @octokit/request (npm) Feb 14, 2025
ShiyuBanzhou MaikelvandenHurk-TomTom
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25289 was published for @octokit/request-error (npm) Feb 14, 2025
ShiyuBanzhou
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database