Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,789
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,994
NuGet
720
pip
3,781
Pub
12
RubyGems
927
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,995 advisories

Loading
Next.JS vulnerability can lead to DoS via cache poisoning High
CVE-2025-49826 was published for next (npm) Jul 3, 2025
cold-try
Next.js has a Cache poisoning vulnerability due to omission of the Vary header Low
CVE-2025-49005 was published for next (npm) Jul 3, 2025
n8n is vulnerable to Improper Authorization through its `/stop` endpoint Moderate
CVE-2025-52554 was published for n8n (npm) Jul 3, 2025
pfelilpe LucianoSorrentino95
agustedone ffaggiani
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript Moderate
CVE-2025-48939 was published for tarteaucitronjs (npm) Jul 3, 2025
Rudloff
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests Moderate
CVE-2025-49595 was published for n8n (npm) Jul 3, 2025
pfelilpe LucianoSorrentino95
agustedone ivov ffaggiani
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix High
CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling High
CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools High
CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
dellalibera cyanheads
Electron vulnerable to Heap Buffer Overflow in NativeImage Moderate
CVE-2024-46993 was published for electron (npm) Jun 30, 2025
francobel
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
electron ASAR Integrity bypass by just modifying the content High
CVE-2024-46992 was published for electron (npm) Jun 30, 2025
Just-Hack-For-Fun
tiny-secp256k1 allows for verify() bypass when running in bundled environment High
CVE-2024-49365 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR jprichardson
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment High
CVE-2024-49364 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
snyff
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
Claude Code Improper Authorization via websocket connections from arbitrary origins High
CVE-2025-52882 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer Moderate
CVE-2025-50183 was published for @openlist-frontend/openlist-frontend (npm) Jun 18, 2025
zyk2507 cxw620
jyxjjj
Withdrawn Advisory: microlight allows a denial of service Low
CVE-2025-45526 was published for microlight (npm) Jun 17, 2025 withdrawn
Qix-
Withdrawn Advisory: microlight.js has a null pointer dereference vulnerability Low
CVE-2025-45525 was published for microlight (npm) Jun 17, 2025 withdrawn
OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint High
CVE-2025-6087 was published for @opennextjs/cloudflare (npm) Jun 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database