GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,380 advisories

apidoc-core has a prototype pollution vulnerability [Critical]
CVE-2025-13158 was published for apidoc-core (npm) Dec 26, 2025
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write [High]
CVE-2025-68697 was published for n8n (npm) Dec 26, 2025
Credited to berkdedekarginoglu
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node [Critical]
CVE-2025-68668 was published for n8n (npm) Dec 26, 2025
Credited to berkdedekarginoglu and VladimirEliTokarev
n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox [High]
CVE-2025-61914 was published for n8n (npm) Dec 26, 2025
Credited to nlgbao1340
libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS) [High]
CVE-2025-25341 was published for libxmljs (npm) Dec 26, 2025
LangChain serialization injection vulnerability enables secret extraction [High]
CVE-2025-68665 was published for @langchain/core (npm) Dec 23, 2025
Credited to ccurme, mdrxy, 0xn3va, yardenporat353, VladimirEliTokarev, hntrl, siewer, and jacoblee93
Fedify has ReDoS Vulnerability in HTML Parsing Regex [High]
CVE-2025-68475 was published for @fedify/fedify (npm) Dec 22, 2025
Credited to yueyueL
n8n Vulnerable to Remote Code Execution via Expression Injection [Critical]
CVE-2025-68613 was published for n8n (npm) Dec 22, 2025
Credited to fatihhcelik
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature [Low]
GHSA-24v3-254g-jv85 was published for @tutao/tutanota-utils (npm) Dec 19, 2025
Orejime has executable code in HTML attributes [Low]
CVE-2025-68457 was published for orejime (npm) Dec 19, 2025
Credited to Rudloff and felixgirault
Storybook manager bundle may expose environment variables during build [High]
CVE-2025-68429 was published for storybook (npm) Dec 18, 2025
tinacms is vulnerable to arbitrary code execution [High]
CVE-2025-68278 was published for @tinacms/cli (npm) Dec 18, 2025
Credited to cristianstaicu
Nodemailer is vulnerable to DoS through Uncontrolled Recursion [Moderate]
CVE-2025-14874 was published for nodemailer (npm) Dec 18, 2025
Mattermost Desktop App exposes sensitive information in its application logs [Low]
CVE-2025-13321 was published for mattermost-desktop (npm) Dec 17, 2025
systeminformation has a Command Injection vulnerability in fsSize() function on Windows [High]
CVE-2025-68154 was published for systeminformation (npm) Dec 16, 2025
Credited to yueyueL
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter [High]
CVE-2025-68150 was published for parse-server (npm) Dec 16, 2025
Credited to yueyueL and mtrezza
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint [High]
CVE-2025-68155 was published for @vitejs/plugin-rsc (npm) Dec 16, 2025
Credited to yueyueL
Credited to goksan
tRPC has possible prototype pollution in `experimental_nextAppDirCaller` [High]
CVE-2025-68130 was published for @trpc/server (npm) Dec 16, 2025
Credited to Pr00fOf3xpl0it
Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables [Moderate]
CVE-2025-68115 was published for parse-server (npm) Dec 16, 2025
Credited to yueyueL and mtrezza
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay [Moderate]
CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
Credited to eternal-flame-AD
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions [Critical]
GHSA-vr6p-vq2p-6j74 was published for likec4 (npm) Dec 15, 2025 (withdrawn)
Credited to fnuttens and davydkov
Misskey has a login rate limit bypass via spoofed X-Forwarded-For header [Moderate]
CVE-2025-66482 was published for misskey-js (npm) Dec 15, 2025
Credited to BoBeR182 and saschanaz
misskey.js's export data contains private post data [High]
CVE-2025-66402 was published for misskey-js (npm) Dec 15, 2025
Credited to na2204 and samunohito
MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827 [Moderate]
CVE-2025-67898 was published for mjml (npm) Dec 15, 2025