Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,566 advisories

Loading
GitProxy Backfile Parsing Exploit High
CVE-2025-54584 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
GitProxy Approval Bypass When Pushing Multiple Branches High
CVE-2025-54583 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE High
CVE-2025-34146 was published for @nyariv/sandboxjs (npm) Jul 31, 2025
JLLeitschuh
GitProxy Hidden Commits Injection High
CVE-2025-54586 was published for @finos/git-proxy (npm) Jul 30, 2025
GitProxy New Branch Approval Exploit High
CVE-2025-54585 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS) High
CVE-2025-8101 was published for linkifyjs (npm) Jul 26, 2025
saip007
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability High
CVE-2025-8267 was published for ssrfcheck (npm) Jul 28, 2025
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
bun vulnerable to OS Command Injection High
CVE-2025-8022 was published for bun (npm) Jul 23, 2025
lirantal
Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data High
CVE-2025-54371 was published for axios (npm) Jul 23, 2025 withdrawn
izzygld mhassan1
files-bucket-server vulnerable to Directory Traversal High
CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025
private-ip vulnerable to Server-Side Request Forgery High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025
NodeJS version of the HAX CMS application is distributed with Default Secrets High
CVE-2025-54137 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
lfgberg asareynolds
eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code High
CVE-2025-54313 was published for @pkgr/core (npm) Jul 19, 2025
Pradoxzon
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting High
CVE-2025-54128 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
@translated/lara-mcp vulnerable to command injection in import_tmx tool High
CVE-2025-53832 was published for @translated/lara-mcp (npm) Jul 21, 2025
dellalibera
Alchemy Non-SMA and Webauthn Account Security Advisory High
GHSA-56r6-ccm5-8hg3 was published for @account-kit/smart-contracts (npm) Jul 21, 2025
carlos-cow
Denial of Service in @hapi/subtext High
GHSA-3wqh-h42r-x8fq was published for @hapi/subtext (npm) Sep 3, 2020
Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering High
CVE-2025-54075 was published for @nuxtjs/mdc (npm) Jul 20, 2025
Vozec
Prototype pollution in min-dash High
CVE-2021-23460 was published for min-dash (Maven) Feb 1, 2022
cristianstaicu
Duplicate Advisory: Prototype Pollution in min-dash High
GHSA-fm93-fhh2-cg2c was published for min-dash (npm) Jan 27, 2022 withdrawn
Duplicate Advisory: Prototype Pollution in klona High
GHSA-4r97-78gf-q24v was published for klona (npm) Sep 4, 2020 withdrawn
Multer vulnerable to Denial of Service via unhandled exception from malformed request High
CVE-2025-7338 was published for multer (npm) Jul 17, 2025
ctcpip UlisesGascon
LinusU
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database