GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,950 advisories
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
Moderate
CVE-2025-32997
was published
for
http-proxy-middleware
(npm)
Apr 15, 2025
http-proxy-middleware can call writeBody twice because "else if" is not used
Moderate
CVE-2025-32996
was published
for
http-proxy-middleware
(npm)
Apr 15, 2025
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params
Moderate
CVE-2025-32388
was published
for
@sveltejs/kit
(npm)
Apr 14, 2025
Directus inserts access token from query string into logs
Moderate
CVE-2024-47822
was published
for
@directus/api
(npm)
Apr 14, 2025
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Moderate
CVE-2025-32395
was published
for
vite
(npm)
Apr 11, 2025
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
Moderate
CVE-2025-32379
was published
for
koa
(npm)
Apr 9, 2025
estree-util-value-to-estree allows prototype pollution in generated ESTree
Moderate
CVE-2025-32014
was published
for
estree-util-value-to-estree
(npm)
Apr 7, 2025
FlowiseDB vulnerable to SQL Injection by authenticated users
Moderate
GHSA-9c4c-g95m-c8cp
was published
for
flowise
(npm)
Apr 7, 2025
js-object-utilities Vulnerable to Prototype Pollution
High
CVE-2025-28269
was published
for
js-object-utilities
(npm)
Apr 7, 2025
tarteaucitron.js allows url scheme injection via unfiltered inputs
Moderate
CVE-2025-31476
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate
CVE-2025-31138
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate
CVE-2025-31486
was published
for
vite
(npm)
Apr 4, 2025
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
High
CVE-2025-31119
was published
for
generator-jhipster-entity-audit
(npm)
Apr 4, 2025
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Critical
CVE-2025-31477
was published
for
@tauri-apps/plugin-shell
(npm)
Apr 2, 2025
ProTip!
Advisories are also available from the
GraphQL API