GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,104 advisories
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter
High
CVE-2025-58179
was published
for
@astrojs/cloudflare
(npm)
Sep 4, 2025
Hono's flaw in URL path parsing could cause path confusion
High
CVE-2025-58362
was published
for
hono
(npm)
Sep 3, 2025
Electron has ASAR Integrity Bypass via resource modification
Moderate
CVE-2025-55305
was published
for
electron
(npm)
Sep 3, 2025
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
High
CVE-2025-58358
was published
for
mcp-markdownify-server
(npm)
Sep 2, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Moderate
CVE-2025-57752
was published
for
next
(npm)
Aug 29, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173
was published
for
next
(npm)
Aug 29, 2025
Malicious versions of Nx were published
Critical
GHSA-cxm3-wv7p-598c
was published
for
@nx/devkit
(npm)
Aug 27, 2025
devalue prototype pollution vulnerability
High
CVE-2025-57820
was published
for
devalue
(npm)
Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-hmfr-rx46-4jx2
was published
for
@escape.tech/graphql-armor-max-depth
(npm)
Aug 26, 2025
request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1
Moderate
CVE-2025-57814
was published
for
request-filtering-agent
(npm)
Aug 25, 2025
@musistudio/claude-code-router has improper CORS configuration
High
CVE-2025-57755
was published
for
@musistudio/claude-code-router
(npm)
Aug 21, 2025
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Moderate
CVE-2025-57753
was published
for
vite-plugin-static-copy
(npm)
Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data
Critical
CVE-2025-9288
was published
for
sha.js
(npm)
Aug 21, 2025
cipher-base is missing type checks, leading to hash rewind and passing on crafted data
Critical
CVE-2025-9287
was published
for
cipher-base
(npm)
Aug 21, 2025
ProTip!
Advisories are also available from the
GraphQL API