Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,829
Erlang
36
GitHub Actions
33
Go
2,446
Maven
5,000+
npm
4,065
NuGet
723
pip
3,866
Pub
12
RubyGems
943
Rust
1,009
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,006 advisories

Loading
Flowise OS command remote code execution Critical
CVE-2025-8943 was published for flowise (npm) Aug 14, 2025
Flowise JS injection remote code execution Critical
CVE-2025-55346 was published for flowise (npm) Aug 14, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
Node-SAML SAML Authentication Bypass Critical
CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025
ahacker1-securesaml cjbarth
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access Critical
CVE-2025-54127 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
form-data uses unsafe random function in form-data for choosing boundary Critical
CVE-2025-7783 was published for form-data (npm) Jul 21, 2025
benweissmann ljharb
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token Critical
CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) Jul 9, 2025
webbertakken
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy Critical
CVE-2025-49596 was published for @modelcontextprotocol/inspector (npm) Jun 13, 2025
JLLeitschuh
billboard.js allows prototype pollution via the function generate Critical
CVE-2025-49223 was published for billboard.js (npm) Jun 4, 2025
saip-loginsoft
samlify SAML Signature Wrapping attack Critical
CVE-2025-47949 was published for samlify (npm) May 19, 2025
ahacker1-securesaml
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping Critical
CVE-2025-46572 was published for passport-wsfed-saml2 (npm) May 6, 2025
Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 Critical
CVE-2025-32965 was published for xrpl (npm) Apr 22, 2025
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell` Critical
CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025
Rigidity tweidinger
chippers lucasfernog
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO Critical
GHSA-vp58-j275-797x was published for better-auth (npm) Feb 24, 2025
castilho101
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database