Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
36
Go
2,522
Maven
5,000+
npm
4,176
NuGet
741
pip
3,965
Pub
12
RubyGems
947
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

24,004 advisories

Loading
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters High
CVE-2025-59830 was published for rack (RubyGems) Sep 25, 2025
kwkr jeremyevans
ioquatix
Gardener Extensions for multiple providers vulnerable to Terraform code injection Critical
CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025
petersutter kon-angelo
hebelsan JordanJordanov donistz
cors-anywhere vulnerable to server-side request forgery Critical
CVE-2020-36851 was published for cors-anywhere (npm) Sep 25, 2025
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
ml-logger has path traversal in the file argument Moderate
CVE-2025-10951 was published for ml-logger (pip) Sep 25, 2025
Duplicate Advisory: Malicious versions of Nx were published Critical
GHSA-8mjq-32x3-22qf was published for nx (npm) Sep 25, 2025 withdrawn
lobe-chat has an Open Redirect Moderate
CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025
im-soohyun
sassdoc-extras vulnerable to prototype pollution Low
CVE-2025-57326 was published for sassdoc-extras (npm) Sep 24, 2025
messageformat has a prototype pollution vulnerability Low
CVE-2025-57349 was published for messageformat (npm) Sep 24, 2025
node-cube vulnerable to prototype pollution Low
CVE-2025-57348 was published for node-cube (npm) Sep 24, 2025
ts-fns has prototype pollution vulnerability Moderate
CVE-2025-57351 was published for ts-fns (npm) Sep 24, 2025
magix-combine-ex vulnerable to prototype pollution Low
CVE-2025-57321 was published for magix-combine-ex (npm) Sep 24, 2025
mpregular vulnerable to prototype pollution High
CVE-2025-57323 was published for mpregular (npm) Sep 24, 2025
web3-core-subscriptions has a Prototype Pollution vulnerability Low
CVE-2025-57330 was published for web3-core-subscriptions (npm) Sep 24, 2025
Llama Stack could potentially allow for remote code execution Moderate
CVE-2025-55178 was published for llama-stack (pip) Sep 24, 2025
Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes High
CVE-2025-59839 was published for starcitizenwiki/embedvideo (Composer) Sep 24, 2025
SomeMWDev
Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure Moderate
GHSA-xh92-rqrq-227v was published for @mastra/mcp-docs-server (npm) Sep 24, 2025
lirantal
Command Injection in adb-mcp MCP Server Critical
CVE-2025-59834 was published for adb-mcp (npm) Sep 24, 2025
lirantal
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions High
CVE-2025-59828 was published for @anthropic-ai/claude-code (npm) Sep 24, 2025
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Unix4ever
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball High
CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025
CSVTOJSON has a prototype pollution vulnerability Moderate
CVE-2025-57350 was published for csvtojson (npm) Sep 24, 2025
messageformat prototype pollution vulnerability High
CVE-2025-57353 was published for @messageformat/runtime (npm) Sep 24, 2025
Mangati NovoSGA XSS vulnerability in /admin Low
CVE-2025-10909 was published for novosga/novosga (Composer) Sep 24, 2025
pip's fallback tar extraction doesn't check symbolic links point to extraction directory Moderate
CVE-2025-8869 was published for pip (pip) Sep 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database