GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,102 advisories
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Critical
CVE-2025-54127
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jul 21, 2025
form-data uses unsafe random function in form-data for choosing boundary
Critical
CVE-2025-7783
was published
for
form-data
(npm)
Jul 21, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical
CVE-2025-53624
was published
for
docusaurus-plugin-content-gists
(npm)
Jul 9, 2025
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
Critical
CVE-2025-53620
was published
for
@builder.io/qwik-city
(npm)
Jul 9, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys
Critical
CVE-2025-6547
was published
for
pbkdf2
(npm)
Jun 23, 2025
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Critical
CVE-2025-6545
was published
for
pbkdf2
(npm)
Jun 23, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical
CVE-2025-49596
was published
for
@modelcontextprotocol/inspector
(npm)
Jun 13, 2025
billboard.js allows prototype pollution via the function generate
Critical
CVE-2025-49223
was published
for
billboard.js
(npm)
Jun 4, 2025
samlify SAML Signature Wrapping attack
Critical
CVE-2025-47949
was published
for
samlify
(npm)
May 19, 2025
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Critical
CVE-2025-31477
was published
for
@tauri-apps/plugin-shell
(npm)
Apr 2, 2025
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
Flowise allows arbitrary file write to RCE
Critical
GHSA-8vvx-qvq9-5948
was published
for
flowise
(npm)
Mar 14, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Critical
CVE-2025-29775
was published
for
xml-crypto
(npm)
Mar 14, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Critical
CVE-2025-29774
was published
for
xml-crypto
(npm)
Mar 14, 2025
Flowise Pre-auth Arbitrary File Upload
Critical
GHSA-h42x-xx2q-6v6g
was published
for
flowise
(npm)
Mar 13, 2025
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Critical
GHSA-vjh7-7g9h-fjfh
was published
for
elliptic
(npm)
Feb 12, 2025
Inefficient Regular Expression Complexity in koa
Critical
CVE-2025-25200
was published
for
koa
(npm)
Feb 12, 2025
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
Critical
CVE-2025-24981
was published
for
@nuxtjs/mdc
(npm)
Feb 6, 2025
utils-extend Prototype Pollution
Critical
CVE-2024-57077
was published
for
utils-extend
(npm)
Feb 6, 2025
ProTip!
Advisories are also available from the
GraphQL API