GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
Moderate
CVE-2025-58337
was published
for
doris-mcp-server
(pip)
Nov 5, 2025
Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
Moderate
CVE-2025-61685
was published
for
@mastra/mcp-docs-server
(npm)
Sep 24, 2025
@conventional-changelog/git-client has Argument Injection vulnerability
Moderate
CVE-2025-59433
was published
for
@conventional-changelog/git-client
(npm)
Sep 22, 2025
iOS Simulator MCP Command Injection allowed via exec API
Moderate
CVE-2025-52573
was published
for
ios-simulator-mcp
(npm)
Jun 26, 2025
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Moderate
CVE-2024-21533
was published
for
ggit
(npm)
Oct 8, 2024
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Moderate
CVE-2023-26143
was published
for
blamer
(npm)
Sep 19, 2023
Path traversal vulnerability in glance
Moderate
CVE-2022-25937
was published
for
glance
(npm)
Feb 13, 2023
Cross-site Scripting (XSS) in serve-lite
Moderate
CVE-2022-25847
was published
for
serve-lite
(npm)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API