Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,486
Maven
5,000+
npm
4,104
NuGet
735
pip
3,918
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,104 advisories

Loading
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
@clerk/backend Performs Insufficient Verification of Data Authenticity High
CVE-2025-53548 was published for @clerk/astro (npm) Jul 9, 2025
GautierT
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
MCP Server Kubernetes vulnerable to command injection in several tools High
CVE-2025-53355 was published for mcp-server-kubernetes (npm) Jul 8, 2025
dellalibera
Cloudflare Vite plugin exposes secrets over the built-in dev server Moderate
GHSA-4pfg-2mw5-f8jx was published for @cloudflare/vite-plugin (npm) Jul 8, 2025
Cherry
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection High
CVE-2025-53372 was published for node-code-sandbox-mcp (npm) Jul 8, 2025
dellalibera
Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes Low
CVE-2025-53535 was published for better-auth (npm) Jul 7, 2025
mwlik imenyoo2
Next.JS vulnerability can lead to DoS via cache poisoning High
CVE-2025-49826 was published for next (npm) Jul 3, 2025
cold-try
Next.js has a Cache poisoning vulnerability due to omission of the Vary header Low
CVE-2025-49005 was published for next (npm) Jul 3, 2025
n8n is vulnerable to Improper Authorization through its `/stop` endpoint Moderate
CVE-2025-52554 was published for n8n (npm) Jul 3, 2025
pfelilpe MarcL
LucianoSorrentino95 agustedone ffaggiani
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript Moderate
CVE-2025-48939 was published for tarteaucitronjs (npm) Jul 3, 2025
Rudloff
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests Moderate
CVE-2025-49595 was published for n8n (npm) Jul 3, 2025
pfelilpe LucianoSorrentino95
agustedone ivov ffaggiani
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix High
CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling High
CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools High
CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
dellalibera cyanheads
Electron vulnerable to Heap Buffer Overflow in NativeImage Moderate
CVE-2024-46993 was published for electron (npm) Jun 30, 2025
francobel
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
electron ASAR Integrity bypass by just modifying the content High
CVE-2024-46992 was published for electron (npm) Jun 30, 2025
Just-Hack-For-Fun
tiny-secp256k1 allows for verify() bypass when running in bundled environment High
CVE-2024-49365 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR jprichardson
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment High
CVE-2024-49364 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
snyff
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database