Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,574 advisories

Loading
The AuthKit Remix Library renders sensitive auth data in HTML High
CVE-2025-55009 was published for @workos-inc/authkit-remix (npm) Aug 8, 2025
The AuthKit React Router Library rendered sensitive auth data in HTML High
CVE-2025-55008 was published for @workos-inc/authkit-react-router (npm) Aug 8, 2025
@fedify/fedify has Improper Authentication and Incorrect Authorization High
CVE-2025-54888 was published for @fedify/fedify (npm) Aug 8, 2025
allouis dahlia
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
dellalibera
js-toml Prototype Pollution Vulnerability High
CVE-2025-54803 was published for js-toml (npm) Aug 4, 2025
siunam321
Claude Code echo command allowed bypass of user approval prompt for command execution High
CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access High
CVE-2025-54794 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE High
CVE-2025-34146 was published for @nyariv/sandboxjs (npm) Jul 31, 2025
JLLeitschuh
GitProxy Hidden Commits Injection High
CVE-2025-54586 was published for @finos/git-proxy (npm) Jul 30, 2025
GitProxy New Branch Approval Exploit High
CVE-2025-54585 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada
GitProxy Backfile Parsing Exploit High
CVE-2025-54584 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
GitProxy Approval Bypass When Pushing Multiple Branches High
CVE-2025-54583 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada dgl
06kellyjac
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability High
CVE-2025-8267 was published for ssrfcheck (npm) Jul 28, 2025
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS) High
CVE-2025-8101 was published for linkifyjs (npm) Jul 26, 2025
saip007
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data High
CVE-2025-54371 was published for axios (npm) Jul 23, 2025 withdrawn
izzygld mhassan1
files-bucket-server vulnerable to Directory Traversal High
CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025
private-ip vulnerable to Server-Side Request Forgery High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025
bun vulnerable to OS Command Injection High
CVE-2025-8022 was published for bun (npm) Jul 23, 2025
lirantal
NodeJS version of the HAX CMS application is distributed with Default Secrets High
CVE-2025-54137 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
lfgberg asareynolds
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting High
CVE-2025-54128 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Alchemy Non-SMA and Webauthn Account Security Advisory High
GHSA-56r6-ccm5-8hg3 was published for @account-kit/smart-contracts (npm) Jul 21, 2025
carlos-cow
@translated/lara-mcp vulnerable to command injection in import_tmx tool High
CVE-2025-53832 was published for @translated/lara-mcp (npm) Jul 21, 2025
dellalibera
Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering High
CVE-2025-54075 was published for @nuxtjs/mdc (npm) Jul 20, 2025
Vozec
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database