GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12 advisories
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
High
CVE-2025-66035
was published
for
@angular/common
(npm)
Nov 26, 2025
Directus's conceal fields are searchable if read permissions enabled
Moderate
CVE-2025-64748
was published
for
@directus/api
(npm)
Nov 13, 2025
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Moderate
CVE-2025-64502
was published
for
parse-server
(npm)
Nov 13, 2025
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
Moderate
CVE-2025-48996
was published
for
@haxtheweb/open-apis
(npm)
Jun 5, 2025
Undici vulnerable to data leak when using response.arrayBuffer()
Low
CVE-2024-38372
was published
for
undici
(npm)
Jul 9, 2024
Remote Memory Exposure in mongoose
Moderate
GHSA-r5xw-q988-826m
was published
for
mongoose
(npm)
Sep 1, 2020
Remote Memory Exposure in request
Moderate
CVE-2017-16026
was published
for
request
(npm)
Nov 9, 2018
ProTip!
Advisories are also available from the
GraphQL API