GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,011 advisories
utils-extend Prototype Pollution
Critical
CVE-2024-57077
was published
for
utils-extend
(npm)
Feb 6, 2025
Malicious versions of Nx were published
Critical
GHSA-cxm3-wv7p-598c
was published
for
@nx/devkit
(npm)
Aug 27, 2025
cipher-base is missing type checks, leading to hash rewind and passing on crafted data
Critical
CVE-2025-9287
was published
for
cipher-base
(npm)
Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data
Critical
CVE-2025-9288
was published
for
sha.js
(npm)
Aug 21, 2025
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Critical
CVE-2025-55746
was published
for
@directus/api
(npm)
Aug 20, 2025
screenshot-desktop vulnerable to command Injection via `format` option
Critical
CVE-2025-55294
was published
for
screenshot-desktop
(npm)
Aug 19, 2025
Prototype Pollution in lodash
Critical
CVE-2019-10744
was published
for
lodash
(RubyGems)
Jul 10, 2019
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
billboard.js allows prototype pollution via the function generate
Critical
CVE-2025-49223
was published
for
billboard.js
(npm)
Jun 4, 2025
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Critical
CVE-2025-54127
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jul 21, 2025
form-data uses unsafe random function in form-data for choosing boundary
Critical
CVE-2025-7783
was published
for
form-data
(npm)
Jul 21, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical
CVE-2025-53624
was published
for
docusaurus-plugin-content-gists
(npm)
Jul 9, 2025
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
Critical
CVE-2025-53620
was published
for
@builder.io/qwik-city
(npm)
Jul 9, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical
CVE-2025-49596
was published
for
@modelcontextprotocol/inspector
(npm)
Jun 13, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys
Critical
CVE-2025-6547
was published
for
pbkdf2
(npm)
Jun 23, 2025
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Critical
CVE-2025-6545
was published
for
pbkdf2
(npm)
Jun 23, 2025
samlify SAML Signature Wrapping attack
Critical
CVE-2025-47949
was published
for
samlify
(npm)
May 19, 2025
ProTip!
Advisories are also available from the
GraphQL API