Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,520
Maven
5,000+
npm
4,160
NuGet
738
pip
3,959
Pub
12
RubyGems
946
Rust
1,027
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,160 advisories

Loading
Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink High
CVE-2025-59430 was published for @meshconnect/web-link-sdk (npm) Sep 22, 2025
aptos-security zwxxb
zi0Black
Mailgen: HTML injection vulnerability in plaintext e-mails Low
CVE-2025-59526 was published for mailgen (npm) Sep 22, 2025
edoardottt
`git-comiters` Command Injection vulnerability High
GHSA-g38c-wxjf-xrh6 was published for git-commiters (npm) Sep 22, 2025
lirantal
@conventional-changelog/git-client has Argument Injection vulnerability Moderate
CVE-2025-59433 was published for @conventional-changelog/git-client (npm) Sep 22, 2025
lirantal
Codex has sandbox bypass due to bug in path configuration logic High
CVE-2025-59532 was published for @openai/codex (npm) Sep 19, 2025
@digitalocean/do-markdownit has Type Confusion vulnerability Moderate
CVE-2025-59717 was published for @digitalocean/do-markdownit (npm) Sep 19, 2025
cai0duque
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages Moderate
CVE-2025-59417 was published for @lobehub/chat (npm) Sep 18, 2025
jackfromeast Suuuuuzy
@sequa-ai/sequa-mcp has Command Injection vulnerability Low
CVE-2025-10619 was published for @sequa-ai/sequa-mcp (npm) Sep 17, 2025
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Moderate
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
cai0duque
@executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode High
CVE-2025-59333 was published for @executeautomation/database-server (npm) Sep 16, 2025
lirantal
[email protected] contains malware after npm account takeover High
CVE-2025-59331 was published for is-arrayish (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59330 was published for error-ex (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59162 was published for color-convert (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59145 was published for color-name (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59144 was published for debug (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59143 was published for color (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59142 was published for color-string (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59141 was published for simple-swizzle (npm) Sep 15, 2025
[email protected] contains malware after npm account takeover High
CVE-2025-59140 was published for backslash (npm) Sep 15, 2025
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-59155 was published for hackmd-mcp (npm) Sep 15, 2025
yuna0x0
Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark Moderate
CVE-2025-9862 was published for ghost (npm) Sep 15, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Flowise has arbitrary file access due to missing chat flow id validation Critical
GHSA-q67q-549q-p849 was published for flowise (npm) Sep 15, 2025
rpie9
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database