GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,930 advisories
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
High
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Low
CVE-2025-46720
was published
for
@keystone-6/core
(npm)
May 5, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
Vite's server.fs.deny bypassed with /. for files under project root
Moderate
CVE-2025-46565
was published
for
vite
(npm)
Apr 30, 2025
Homograph attack allows Unicode lookalike characters to bypass validation.
High
CVE-2025-27611
was published
for
base-x
(npm)
Apr 30, 2025
@account-kit/smart-contracts Allowlist Module Bypass Vulnerability
Moderate
GHSA-wfm2-rq5g-f8v5
was published
for
@account-kit/smart-contracts
(npm)
Apr 29, 2025
n8n Vulnerable to Stored XSS through Attachments View Endpoint
Moderate
CVE-2025-46343
was published
for
n8n
(npm)
Apr 28, 2025
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Low
CVE-2025-46653
was published
for
formidable
(npm)
Apr 26, 2025
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-733v-p3h5-qpq7
was published
for
@escape.tech/graphql-armor-cost-limit
(npm)
Apr 25, 2025
React Router allows pre-render data spoofing on React-Router framework mode
High
CVE-2025-43865
was published
for
react-router
(npm)
Apr 24, 2025
React Router allows a DoS via cache poisoning by forcing SPA mode
High
CVE-2025-43864
was published
for
react-router
(npm)
Apr 24, 2025
tRPC 11 WebSocket DoS Vulnerability
High
CVE-2025-43855
was published
for
@trpc/server
(npm)
Apr 24, 2025
ProTip!
Advisories are also available from the
GraphQL API