Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

152 advisories

Loading
expr-eval does not restrict functions passed to the evaluate function High
CVE-2025-12735 was published for expr-eval (npm) Nov 5, 2025
Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution Critical
GHSA-3g4j-r53p-22wx was published for flowise (npm) Oct 17, 2025 withdrawn
Happy DOM: VM Context Escape can lead to Remote Code Execution Critical
CVE-2025-61927 was published for happy-dom (npm) Oct 10, 2025
Mas0nShi
Credited to Mas0nShi
Claude Code can execute commands prior to the startup trust dialog High
CVE-2025-59536 was published for @anthropic-ai/claude-code (npm) Oct 3, 2025
Flowise has Remote Code Execution vulnerability Critical
CVE-2025-59528 was published for flowise (npm) Sep 15, 2025
im-soohyun
Credited to im-soohyun
FlowiseAI Pre-Auth Arbitrary Code Execution Critical
CVE-2025-57164 was published for flowise (npm) Sep 15, 2025
Dipper37701
Credited to Dipper37701
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
cai0duque
Credited to cai0duque
Claude Code rg vulnerability does not protect against approval prompt bypass High
CVE-2025-58764 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server High
CVE-2025-58444 was published for @modelcontextprotocol/inspector (npm) Sep 8, 2025
cai0duque
Credited to cai0duque
SimStudioAI: A function in route.ts is vulnerable to Code Injection Moderate
CVE-2025-10097 was published for simstudio (npm) Sep 8, 2025
Electron has ASAR Integrity Bypass via resource modification Moderate
CVE-2025-55305 was published for electron (npm) Sep 3, 2025
dariushoule
Credited to dariushoule
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning High
GHSA-ph6w-f82w-28w6 was published for @anthropic-ai/claude-code (npm) Sep 3, 2025
Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection Critical
GHSA-q4xx-mc3q-23x8 was published for flowise (npm) Aug 14, 2025 withdrawn
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
Credited to pyozzi-toss
nest allows a remote attacker to execute arbitrary code via the Content-Type header Moderate
CVE-2024-29409 was published for @nestjs/common (npm) Mar 14, 2025
aydinnyunus axi92
fperalta-INTIVE
Credited to aydinnyunus, axi92, and fperalta-INTIVE
Stage.js DOM Clobbering vulnerabilty Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
lkuechler
Credited to lkuechler
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
Mongoose search injection vulnerability Critical
CVE-2025-23061 was published for mongoose (npm) Jan 15, 2025
skrtheboss
Credited to skrtheboss
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
xAiluros
Credited to xAiluros
Angular Expressions - Remote Code Execution when using locals Critical
CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024
JorianWoltjer
Credited to JorianWoltjer
hull.js Code Injection Vulnerability Critical
GHSA-q849-wxrc-vqrp was published for hull.js (npm) Dec 2, 2024
mcoimbra filipeom
Credited to mcoimbra and filipeom
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast gshanbhag525
Credited to jackfromeast and gshanbhag525
dom-iterator code execution vulnerability Moderate
CVE-2024-21541 was published for dom-iterator (npm) Nov 13, 2024
lilconfig Code Injection vulnerability High
CVE-2024-21537 was published for lilconfig (npm) Oct 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database