GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,088 advisories
devalue prototype pollution vulnerability
High
CVE-2025-57820
was published
for
devalue
(npm)
Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-hmfr-rx46-4jx2
was published
for
@escape.tech/graphql-armor-max-depth
(npm)
Aug 26, 2025
request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1
Moderate
CVE-2025-57814
was published
for
request-filtering-agent
(npm)
Aug 25, 2025
@musistudio/claude-code-router has improper CORS configuration
High
CVE-2025-57755
was published
for
@musistudio/claude-code-router
(npm)
Aug 21, 2025
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Moderate
CVE-2025-57753
was published
for
vite-plugin-static-copy
(npm)
Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data
Critical
CVE-2025-9288
was published
for
sha.js
(npm)
Aug 21, 2025
cipher-base is missing type checks, leading to hash rewind and passing on crafted data
Critical
CVE-2025-9287
was published
for
cipher-base
(npm)
Aug 21, 2025
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Moderate
CVE-2025-57749
was published
for
n8n
(npm)
Aug 20, 2025
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Critical
CVE-2025-55746
was published
for
@directus/api
(npm)
Aug 20, 2025
screenshot-desktop vulnerable to command Injection via `format` option
Critical
CVE-2025-55294
was published
for
screenshot-desktop
(npm)
Aug 19, 2025
Mermaid improperly sanitizes sequence diagram labels leading to XSS
Moderate
CVE-2025-54881
was published
for
mermaid
(npm)
Aug 19, 2025
Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Moderate
CVE-2025-54880
was published
for
mermaid
(npm)
Aug 19, 2025
Astro allows unauthorized third-party images in _image endpoint
Moderate
CVE-2025-55303
was published
for
@astrojs/node
(npm)
Aug 19, 2025
Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
High
CVE-2025-52478
was published
for
n8n
(npm)
Aug 19, 2025
@astrojs/node's trailing slash handling causes open redirect issue
Moderate
CVE-2025-55207
was published
for
@astrojs/node
(npm)
Aug 15, 2025
ProTip!
Advisories are also available from the
GraphQL API