Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
766
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,364 advisories

Loading
dref is vulnerable to prototype pollution High
CVE-2025-26278 was published for dref (npm) Sep 25, 2025
Duplicate Advisory: Malicious versions of Nx were published Critical
GHSA-8mjq-32x3-22qf was published for nx (npm) Sep 25, 2025 withdrawn
lobe-chat has an Open Redirect Moderate
CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025
im-soohyun
Credited to im-soohyun
mpregular vulnerable to prototype pollution High
CVE-2025-57323 was published for mpregular (npm) Sep 24, 2025
magix-combine-ex vulnerable to prototype pollution Low
CVE-2025-57321 was published for magix-combine-ex (npm) Sep 24, 2025
sassdoc-extras vulnerable to prototype pollution Low
CVE-2025-57326 was published for sassdoc-extras (npm) Sep 24, 2025
csvjson vulnerable to prototype injection High
CVE-2025-57318 was published for csvjson (npm) Sep 24, 2025
json-schema-editor-visual vulnerable to prototype pollution Moderate
CVE-2025-57320 was published for json-schema-editor-visual (npm) Sep 24, 2025
spmrc vulnerable to prototype pollution Low
CVE-2025-57327 was published for spmrc (npm) Sep 24, 2025
toggle-array vulnerable to prototype pollution Low
CVE-2025-57328 was published for toggle-array (npm) Sep 24, 2025
web3-core-method is vulnerable to prototype pollution Low
CVE-2025-57329 was published for web3-core-method (npm) Sep 24, 2025
web3-core-subscriptions has a Prototype Pollution vulnerability Low
CVE-2025-57330 was published for web3-core-subscriptions (npm) Sep 24, 2025
Duplicate Advisory: rollbar vulnerable to prototype pollution Low
GHSA-m929-rg27-gj99 was published for rollbar (npm) Sep 24, 2025 withdrawn
anshulsahni
Credited to anshulsahni
messageformat has a prototype pollution vulnerability Low
CVE-2025-57349 was published for messageformat (npm) Sep 24, 2025
node-cube vulnerable to prototype pollution Low
CVE-2025-57348 was published for node-cube (npm) Sep 24, 2025
ts-fns has prototype pollution vulnerability Moderate
CVE-2025-57351 was published for ts-fns (npm) Sep 24, 2025
parse is vulnerable to prototype pollution Moderate
CVE-2025-57324 was published for parse (npm) Sep 24, 2025
miguelmunoz-dotcom
Credited to miguelmunoz-dotcom
Withdrawn Advisory: fast-redact vulnerable to prototype pollution Low
CVE-2025-57319 was published for fast-redact (npm) Sep 24, 2025 withdrawn
mcollina
Credited to mcollina
Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure Moderate
CVE-2025-61685 was published for @mastra/mcp-docs-server (npm) Sep 24, 2025
lirantal
Credited to lirantal
Command Injection in adb-mcp MCP Server Critical
CVE-2025-59834 was published for adb-mcp (npm) Sep 24, 2025
lirantal
Credited to lirantal
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions High
CVE-2025-59828 was published for @anthropic-ai/claude-code (npm) Sep 24, 2025
cai0duque
Credited to cai0duque
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball High
CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025
lukaselmer cai0duque
Credited to lukaselmer and cai0duque
counterpart vulnerable to prototype pollution Moderate
CVE-2025-57354 was published for counterpart (npm) Sep 24, 2025
messageformat prototype pollution vulnerability Moderate
CVE-2025-57353 was published for @messageformat/runtime (npm) Sep 24, 2025
min-document vulnerable to prototype pollution Low
CVE-2025-57352 was published for min-document (npm) Sep 24, 2025
G-Rath
Credited to G-Rath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database