Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,330 advisories

Loading
Astro's `X-Forwarded-Host` is reflected without validation Moderate
CVE-2025-61925 was published for astro (npm) Oct 10, 2025
Chisnet
Credited to Chisnet
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
GHSA-mm7p-fcc7-pg87 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
MCPHub has an Improper Authorization vulnerability via its handleSseConnection function Moderate
CVE-2025-11287 was published for @samanhappy/mcphub (npm) Oct 5, 2025
Flowise Stored XSS vulnerability through logs in chatbot Moderate
GHSA-7r4h-vmj9-wg42 was published for flowise (npm) Oct 3, 2025
LIFE-team2024
Credited to LIFE-team2024
Flowise vulnerable to XSS Moderate
GHSA-4fr9-3x69-36wv was published for flowise (npm) Oct 3, 2025
quitbug
Credited to quitbug
algoliasearch-helper is vulnerable to Prototype Pollution in _merge() Moderate
CVE-2025-3193 was published for algoliasearch-helper (npm) Sep 27, 2025
express-xss-sanitizer has an unbounded recursion depth Moderate
CVE-2025-59364 was published for express-xss-sanitizer (npm) Sep 26, 2025
lobe-chat has an Open Redirect Moderate
CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025
im-soohyun
Credited to im-soohyun
ts-fns has prototype pollution vulnerability Moderate
CVE-2025-57351 was published for ts-fns (npm) Sep 24, 2025
parse is vulnerable to prototype pollution Moderate
CVE-2025-57324 was published for parse (npm) Sep 24, 2025
json-schema-editor-visual vulnerable to prototype pollution Moderate
CVE-2025-57320 was published for json-schema-editor-visual (npm) Sep 24, 2025
Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure Moderate
GHSA-xh92-rqrq-227v was published for @mastra/mcp-docs-server (npm) Sep 24, 2025
lirantal
Credited to lirantal
counterpart vulnerable to prototype pollution Moderate
CVE-2025-57354 was published for counterpart (npm) Sep 24, 2025
CSVTOJSON has a prototype pollution vulnerability Moderate
CVE-2025-57350 was published for csvtojson (npm) Sep 24, 2025
Mailgen: HTML injection vulnerability in plaintext e-mails Moderate
CVE-2025-59526 was published for mailgen (npm) Sep 22, 2025
edoardottt
Credited to edoardottt
@conventional-changelog/git-client has Argument Injection vulnerability Moderate
CVE-2025-59433 was published for @conventional-changelog/git-client (npm) Sep 22, 2025
lirantal
Credited to lirantal
@digitalocean/do-markdownit has Type Confusion vulnerability Moderate
CVE-2025-59717 was published for @digitalocean/do-markdownit (npm) Sep 19, 2025
cai0duque
Credited to cai0duque
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages Moderate
CVE-2025-59417 was published for @lobehub/chat (npm) Sep 18, 2025
jackfromeast Suuuuuzy
Credited to jackfromeast and Suuuuuzy
@sequa-ai/sequa-mcp has Command Injection vulnerability Moderate
CVE-2025-10619 was published for @sequa-ai/sequa-mcp (npm) Sep 17, 2025
cai0duque
Credited to cai0duque
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th
Credited to R4356th
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Moderate
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
cai0duque
Credited to cai0duque
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-59155 was published for hackmd-mcp (npm) Sep 15, 2025
yuna0x0
Credited to yuna0x0
Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark Moderate
CVE-2025-9862 was published for ghost (npm) Sep 15, 2025
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter Moderate
CVE-2025-58177 was published for n8n (npm) Sep 15, 2025
pfelilpe 5h0lm3s
Credited to pfelilpe and 5h0lm3s
MetaMask SDK indirectly exposed via malicious [email protected] dependency Moderate
GHSA-qj3p-xc97-xw74 was published for @metamask/sdk (npm) Sep 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database