Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,354 advisories

Loading
Vuetify has a Prototype Pollution vulnerability High
CVE-2025-8083 was published for vuetify (npm) Dec 12, 2025
Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component Moderate
CVE-2025-8082 was published for vuetify (npm) Dec 12, 2025
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule High
CVE-2025-67750 was published for lightning-flow-scanner (npm) Dec 12, 2025
RubenHalman
Credited to RubenHalman
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up High
GHSA-5j59-xgg2-r9c4 was published for next (npm) Dec 12, 2025
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate
GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Vite Plugin React has a Denial of Service Vulnerability in React Server Components High
GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Denial of Service Vulnerability in React Server Components High
CVE-2025-67779 was published for react-server-dom-parcel (npm) Dec 12, 2025
Next Server Actions Source Code Exposure Moderate
GHSA-w37m-7fhw-fmv9 was published for next (npm) Dec 11, 2025
Next Vulnerable to Denial of Service with Server Components High
GHSA-mwv6-3258-q52c was published for next (npm) Dec 11, 2025
Ry0taK
Credited to Ry0taK
Denial of Service Vulnerability in React Server Components High
CVE-2025-55184 was published for react-server-dom-parcel (npm) Dec 11, 2025
Ry0taK
Credited to Ry0taK
Source Code Exposure Vulnerability in React Server Components Moderate
CVE-2025-55183 was published for react-server-dom-parcel (npm) Dec 11, 2025
Servify-express rate limit issue High
CVE-2025-67731 was published for servify-express (npm) Dec 11, 2025
Aarondoran
Credited to Aarondoran
Improper Validation of Query Parameters in Auth0 Next.js SDK Low
CVE-2025-67716 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec
Credited to MegaManSec
Improper Request Caching Lookup in the Auth0 Next.js SDK Moderate
CVE-2025-67490 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec
Credited to MegaManSec
Formio improperly authorized permission elevation through specially crafted request path High
CVE-2025-67718 was published for formio (npm) Dec 10, 2025
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-65513 was published for mcp-fetch-server (npm) Dec 10, 2025
@tiptap/extension-link vulnerable to Cross-site Scripting (XSS) Low
CVE-2025-14284 was published for @tiptap/extension-link (npm) Dec 9, 2025
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments Moderate
CVE-2025-13877 was published for @nocobase/auth (npm) Dec 9, 2025
H2u8s
Credited to H2u8s
Elysia affected by arbitrary code injection through cookie config High
CVE-2025-66457 was published for elysia (npm) Dec 9, 2025
sportshead
Credited to sportshead
Elysia vulnerable to prototype pollution with multiple standalone schema validation Critical
CVE-2025-66456 was published for elysia (npm) Dec 9, 2025
sportshead
Credited to sportshead
@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server Critical
CVE-2025-67489 was published for @vitejs/plugin-rsc (npm) Dec 8, 2025
xdavidhu
Credited to xdavidhu
Altcha Proof-of-Work obfuscation mode cryptanalytic break Moderate
CVE-2025-65849 was published for altcha (npm) Dec 8, 2025
eternal-flame-AD
Credited to eternal-flame-AD
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook Critical
CVE-2025-65964 was published for n8n (npm) Dec 8, 2025
Malayke
Credited to Malayke
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 Moderate
CVE-2025-66202 was published for astro (npm) Dec 8, 2025
zomaxsec
Credited to zomaxsec
Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF' High
CVE-2025-65959 was published for open-webui (npm) Dec 4, 2025
pyozzi-toss L2VE
Credited to pyozzi-toss and L2VE
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database