GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,378 advisories
Altcha Proof-of-Work obfuscation mode cryptanalytic break
Moderate
CVE-2025-65849
was published
for
altcha
(npm)
Dec 8, 2025
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Moderate
CVE-2025-13877
was published
for
@nocobase/auth
(npm)
Dec 9, 2025
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Moderate
CVE-2025-66202
was published
for
astro
(npm)
Dec 8, 2025
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
Moderate
GHSA-9x4v-xfq5-m8x5
was published
for
better-auth
(npm)
Feb 5, 2025
Parcel has an Origin Validation Error vulnerability
Moderate
CVE-2025-56648
was published
for
@parcel/reporter-dev-server
(npm)
Sep 17, 2025
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Moderate
CVE-2024-27094
was published
for
@openzeppelin/contracts
(npm)
Feb 29, 2024
mcp-server-kubernetes has potential security issue in exec_in_pod tool
Moderate
CVE-2025-66404
was published
for
mcp-server-kubernetes
(npm)
Dec 3, 2025
Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host
Moderate
CVE-2025-66405
was published
for
@portkey-ai/gateway
(npm)
Dec 2, 2025
fastify-reply-from affected by bypass of reply forwarding
Moderate
CVE-2025-66415
was published
for
@fastify/reply-from
(npm)
Dec 2, 2025
willitmerge has a Command Injection vulnerability
Moderate
CVE-2025-66219
was published
for
willitmerge
(npm)
Nov 26, 2025
node-forge is vulnerable to ASN.1 OID Integer Truncation
Moderate
CVE-2025-66030
was published
for
node-forge
(npm)
Nov 26, 2025
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Moderate
CVE-2025-66028
was published
for
@oneuptime/common
(npm)
Nov 25, 2025
parse is vulnerable to prototype pollution
Moderate
CVE-2025-57324
was published
for
parse
(npm)
Sep 24, 2025
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
Moderate
GHSA-q7jf-gf43-6x6p
was published
for
hono
(npm)
Oct 24, 2025
Strapi Password Hashing is Missing Maximum Password Length Validation
Moderate
CVE-2025-25298
was published
for
@strapi/core
(npm)
Oct 16, 2025
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
Moderate
CVE-2025-64765
was published
for
astro
(npm)
Nov 19, 2025
Astro allows unauthorized third-party images in _image endpoint
Moderate
CVE-2025-55303
was published
for
@astrojs/node
(npm)
Aug 19, 2025
Astros's duplicate trailing slash feature leads to an open redirection security issue
Moderate
CVE-2025-54793
was published
for
astro
(npm)
Aug 7, 2025
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
ProTip!
Advisories are also available from the
GraphQL API