GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,377 advisories
Mailgen: HTML injection vulnerability in plaintext e-mails
Moderate
CVE-2025-59526
was published
for
mailgen
(npm)
Sep 22, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js
Moderate
CVE-2025-9096
was published
for
express-gateway
(npm)
Aug 18, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js
Moderate
CVE-2025-9095
was published
for
express-gateway
(npm)
Aug 18, 2025
Decap CMS Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2025-57520
was published
for
decap-cms
(npm)
Sep 10, 2025
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Moderate
CVE-2025-59160
was published
for
matrix-js-sdk
(npm)
Sep 16, 2025
@digitalocean/do-markdownit has Type Confusion vulnerability
Moderate
CVE-2025-59717
was published
for
@digitalocean/do-markdownit
(npm)
Sep 19, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Moderate
CVE-2025-9910
was published
for
jsondiffpatch
(npm)
Sep 11, 2025
@conventional-changelog/git-client has Argument Injection vulnerability
Moderate
CVE-2025-59433
was published
for
@conventional-changelog/git-client
(npm)
Sep 22, 2025
Cloudflare Vite plugin exposes secrets over the built-in dev server
Moderate
CVE-2025-59427
was published
for
@cloudflare/vite-plugin
(npm)
Jul 8, 2025
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Moderate
CVE-2024-21533
was published
for
ggit
(npm)
Oct 8, 2024
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components
Moderate
CVE-2025-1647
was published
for
bootstrap
(npm)
May 15, 2025
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2025-59155
was published
for
hackmd-mcp
(npm)
Sep 15, 2025
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Moderate
CVE-2025-58177
was published
for
n8n
(npm)
Sep 15, 2025
Hono has Body Limit Middleware Bypass
Moderate
CVE-2025-59139
was published
for
hono
(npm)
Sep 12, 2025
Element Plus Link component (el-link) implements insufficient input validation for the href attribute
Moderate
CVE-2025-57665
was published
for
element-plus
(npm)
Sep 9, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
Next.js Improper Middleware Redirect Handling Leads to SSRF
Moderate
CVE-2025-57822
was published
for
next
(npm)
Aug 29, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173
was published
for
next
(npm)
Aug 29, 2025
KaTeX \htmlData does not validate attribute names
Moderate
CVE-2025-23207
was published
for
katex
(npm)
Jan 17, 2025
Electron has ASAR Integrity Bypass via resource modification
Moderate
CVE-2025-55305
was published
for
electron
(npm)
Sep 3, 2025
ProTip!
Advisories are also available from the
GraphQL API