Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,651
Erlang
34
GitHub Actions
26
Go
2,253
Maven
5,000+
npm
3,905
NuGet
702
pip
3,676
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

989 advisories

Loading
Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 Critical
CVE-2025-32965 was published for xrpl (npm) Apr 22, 2025
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
Insecure default value for CORS configuration Critical
CVE-2022-26969 was published for directus (npm) Apr 5, 2022
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell` Critical
CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025
Rigidity tweidinger
chippers lucasfernog
Remote code execution in simple-git Critical
CVE-2022-25860 was published for simple-git (npm) Jan 26, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try jackwilson323
AWS Amplify CLI has incorrect trust policy management Critical
CVE-2024-28056 was published for @aws-amplify/cli (npm) Apr 15, 2024
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO Critical
GHSA-vp58-j275-797x was published for better-auth (npm) Feb 24, 2025
castilho101
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) Critical
GHSA-vjh7-7g9h-fjfh was published for elliptic (npm) Feb 12, 2025
ChALkeR jprichardson
DocsGPT Allows Remote Code Execution Critical
CVE-2025-0868 was published for docsgpt (npm) Feb 20, 2025
Inefficient Regular Expression Complexity in koa Critical
CVE-2025-25200 was published for koa (npm) Feb 12, 2025
R4356th
Deserialization of Untrusted Data in bson Critical
CVE-2020-7610 was published for bson (npm) May 7, 2021
Insufficient Entropy in cryptiles Critical
CVE-2018-1000620 was published for cryptiles (npm) Sep 11, 2018
jkmartindale
Prototype Pollution in deep-extend Critical
CVE-2018-3750 was published for deep-extend (npm) Oct 9, 2018
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database