Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,988
NuGet
720
pip
3,779
Pub
12
RubyGems
926
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,988 advisories

Loading
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix High
CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling High
CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools High
CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
dellalibera cyanheads
Electron vulnerable to Heap Buffer Overflow in NativeImage Moderate
CVE-2024-46993 was published for electron (npm) Jun 30, 2025
francobel
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
electron ASAR Integrity bypass by just modifying the content High
CVE-2024-46992 was published for electron (npm) Jun 30, 2025
Just-Hack-For-Fun
tiny-secp256k1 allows for verify() bypass when running in bundled environment High
CVE-2024-49365 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR jprichardson
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment High
CVE-2024-49364 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
snyff
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
Claude Code Improper Authorization via websocket connections from arbitrary origins High
CVE-2025-52882 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer Moderate
CVE-2025-50183 was published for @openlist-frontend/openlist-frontend (npm) Jun 18, 2025
zyk2507 cxw620
jyxjjj
Withdrawn Advisory: microlight.js has a null pointer dereference vulnerability Low
CVE-2025-45525 was published for microlight (npm) Jun 17, 2025 withdrawn
Withdrawn Advisory: microlight allows a denial of service Low
CVE-2025-45526 was published for microlight (npm) Jun 17, 2025 withdrawn
Qix-
OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint High
CVE-2025-6087 was published for @opennextjs/cloudflare (npm) Jun 16, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy Critical
CVE-2025-49596 was published for @modelcontextprotocol/inspector (npm) Jun 13, 2025
pg-promise SQL Injection vulnerability Moderate
CVE-2025-29744 was published for pg-promise (npm) Jun 12, 2025
Erxes Incorrect Access Control vulnerability High
CVE-2024-57190 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability High
CVE-2024-57186 was published for erxes (npm) Jun 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database