GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,466
Erlang: 33
GitHub Actions: 23
Go: 2,166
Maven: 5,000+
npm: 3,830
NuGet: 696
pip: 3,507
Pub: 12
RubyGems: 909
Rust: 904
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
3,830 advisories
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Critical | CVE-2025-29775 was published for xml-crypto (npm) | Mar 14, 2025

xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Critical | CVE-2025-29774 was published for xml-crypto (npm) | Mar 14, 2025

Prototype Pollution Vulnerability in parse-git-config
High | CVE-2025-25975 was published for parse-git-config (npm) | Mar 12, 2025

JS Html Sanitizer allows XSS when used with contentEditable
Moderate | CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) | Mar 14, 2025

Froala WYSIWYG editor allows cross-site scripting (XSS)
Moderate | CVE-2024-51434 was published for froala-editor (Composer) | Nov 8, 2024

Flowise allows arbitrary file write to RCE
Critical | GHSA-8vvx-qvq9-5948 was published for flowise (npm) | Mar 14, 2025

In Azle, calling `setTimer` causes infinite loop of timers
High | CVE-2025-29776 was published for azle (npm) | Mar 14, 2025

Froala Editor Cross-site Scripting vulnerability
Moderate | CVE-2023-41592 was published for froala-editor (Composer) | Sep 15, 2023

Flowise Pre-auth Arbitrary File Upload
Critical | GHSA-h42x-xx2q-6v6g was published for flowise (npm) | Mar 13, 2025

canvg Prototype Pollution vulnerability
High | CVE-2025-25977 was published for canvg (npm) | Mar 10, 2025

Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
Moderate | CVE-2025-27789 was published for @babel/helpers (npm) | Mar 11, 2025

Mockoon has a Path Traversal and LFI in the static file serving endpoint
High | GHSA-w7f9-wqc4-3wxr was published for @mockoon/cli (npm) | Mar 11, 2025

PrismJS DOM Clobbering vulnerability
Moderate | CVE-2024-53382 was published for prismjs (npm) | Mar 3, 2025

Vue I18n Allows Prototype Pollution in `handleFlatJson`
High | CVE-2025-27597 was published for @intlify/core (npm) | Mar 7, 2025

@zag-js/core prototype pollution
High | CVE-2024-57079 was published for @zag-js/core (npm) | Feb 6, 2025

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
High | CVE-2025-27152 was published for axios (npm) | Mar 7, 2025

NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
Moderate | CVE-2025-27506 was published for nocodb (npm) | Mar 6, 2025

Prototype Pollution in node-jsonpointer
Moderate | CVE-2021-23807 was published for jsonpointer (npm) | Nov 8, 2021

Prototype pollution in json-pointer
Moderate | CVE-2020-7709 was published for json-pointer (Maven) | May 10, 2021

FlowiseAI Flowise arbitrary file upload vulnerability
High | CVE-2025-26319 was published for flowise (npm) | Mar 5, 2025

Manifest Uses a One-Way Hash without a Salt
Moderate | CVE-2025-27408 was published for manifest (npm) | Mar 3, 2025

seajs Cross-site Scripting vulnerability
Low | CVE-2024-51091 was published for seajs (npm) | Mar 3, 2025
ProTip! Advisories are also available from the GraphQL API