GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,994 advisories
n8n is vulnerable to Improper Authorization through its `/stop` endpoint
  Moderate | CVE-2025-52554 was published for n8n (npm) on Jul 3, 2025
Next.JS vulnerability can lead to DoS via cache poisoning
  High | CVE-2025-49826 was published for next (npm) on Jul 3, 2025
Next.js has a Cache poisoning vulnerability due to omission of the Vary header
  Low | CVE-2025-49005 was published for next (npm) on Jul 3, 2025
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
  Moderate | CVE-2025-48939 was published for tarteaucitronjs (npm) on Jul 3, 2025
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
  Moderate | CVE-2025-49595 was published for n8n (npm) on Jul 3, 2025
react-native-keys insecurely stores encryption cipher and Base64 chunks
  High | CVE-2025-45001 was published for react-native-keys (npm) on Jun 9, 2025
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix
  High | CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) on Jul 1, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling
  High | CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) on Jul 1, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools
  High | CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) on Jun 30, 2025
tiny-secp256k1 allows for verify() bypass when running in bundled environment
  High | CVE-2024-49365 was published for tiny-secp256k1 (npm) on Jun 30, 2025
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment
  High | CVE-2024-49364 was published for tiny-secp256k1 (npm) on Jun 30, 2025
Electron vulnerable to Heap Buffer Overflow in NativeImage
  Moderate | CVE-2024-46993 was published for electron (npm) on Jun 30, 2025
electron ASAR Integrity bypass by just modifying the content
  High | CVE-2024-46992 was published for electron (npm) on Jun 30, 2025
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)
  Low | CVE-2025-45143 was published for string-math (npm) on Jun 30, 2025
DOMPurify allows Cross-site Scripting (XSS)
  Moderate | CVE-2025-26791 was published for dompurify (npm) on Feb 14, 2025
Taylor has race condition in /get-patch that allows purchase token replay
  Low | GHSA-vh5j-5fhq-9xwg was published for taylored (npm) on Jun 27, 2025
Stage.js DOM Clobbering vulnerability
  Moderate | CVE-2024-53386 was published for stage-js (npm) on Mar 3, 2025
PrismJS DOM Clobbering vulnerability
  Moderate | CVE-2024-53382 was published for prismjs (npm) on Mar 3, 2025
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode
  Low | CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) on Jun 26, 2025
Claude Code Improper Authorization via websocket connections from arbitrary origins
  High | CVE-2025-52882 was published for @anthropic-ai/claude-code (npm) on Jun 23, 2025
Valid ECDSA signatures erroneously rejected in Elliptic
  Low | CVE-2024-48948 was published for elliptic (npm) on Oct 15, 2024
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
  Moderate | CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) on Jul 18, 2022
n8n allows open redirects via the /signin endpoint
  Moderate | CVE-2025-49592 was published for n8n (npm) on Jun 27, 2025
iOS Simulator MCP Command Injection allowed via exec API
  Moderate | CVE-2025-52573 was published for ios-simulator-mcp (npm) on Jun 26, 2025
libwebp: OOB write in BuildHuffmanTable
  High | CVE-2023-4863 was published for Pillow (Go) on Sep 12, 2023
ProTip! Advisories are also available from the GraphQL API.