GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
42 advisories
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
High
CVE-2025-34146
was published
for
@nyariv/sandboxjs
(npm)
Jul 31, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical
CVE-2025-49596
was published
for
@modelcontextprotocol/inspector
(npm)
Jun 13, 2025
Potential leak of authentication data to 3rd parties
Critical
CVE-2023-30846
was published
for
typed-rest-client
(npm)
Apr 27, 2023
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057
High
CVE-2023-28465
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Mar 10, 2023
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Critical
CVE-2023-24057
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Jan 23, 2023
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Moderate
CVE-2022-36007
was published
for
com.github.jlangch:venice
(Maven)
Aug 18, 2022
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Moderate
CVE-2022-37423
was published
for
org.neo4j.procedure:apoc
(Maven)
Aug 12, 2022
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
High
CVE-2022-31159
was published
for
com.amazonaws:aws-java-sdk-s3
(Maven)
Jul 15, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Moderate
CVE-2022-26850
was published
for
org.apache.nifi:nifi-single-user-utils
(Maven)
Jun 20, 2022
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Temporary Directory Hijacking Vulnerability in Keycloak
High
CVE-2021-20202
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 18, 2022
Cached redirect poisoning via X-Forwarded-Host header
High
CVE-2021-29479
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Ratpack's default client side session signing key is highly predictable
Moderate
CVE-2021-29480
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Unencrypted storage of client side sessions
Moderate
CVE-2021-29481
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Remote Code Execution Vulnerability in Session Storage
Critical
CVE-2021-29485
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Netflix/Priam: Temporary Directory Information Disclosure
Moderate
CVE-2021-28100
was published
for
com.netflix.priam:priam
(Maven)
Mar 30, 2021
ProTip!
Advisories are also available from the
GraphQL API