Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,615
Maven
5,000+
npm
5,000+
NuGet
925
pip
4,835
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies High
CVE-2026-34226 was published for happy-dom (npm) Mar 29, 2026
r74tech Credited to r74tech
OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains Moderate
CVE-2026-28481 was published for openclaw (npm) Feb 17, 2026
yueyueL Credited to yueyueL
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client High
CVE-2025-66035 was published for @angular/common (npm) Nov 26, 2025
alan-agius4 Credited to alan-agius4, AndrewKushnir, irsl, hybrist, and AKiileX AndrewKushnir AndrewKushnir
irsl irsl hybrist hybrist AKiileX AKiileX
Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true` Moderate
CVE-2025-65944 was published for @sentry/astro (npm) Nov 24, 2025
Directus's conceal fields are searchable if read permissions enabled Moderate
CVE-2025-64748 was published for @directus/api (npm) Nov 13, 2025
bryantgillespie Credited to bryantgillespie
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details Moderate
CVE-2025-64502 was published for parse-server (npm) Nov 13, 2025
mtrezza Credited to mtrezza, coratgerl, and mstniy coratgerl coratgerl
mstniy mstniy
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint Moderate
CVE-2025-48996 was published for @haxtheweb/open-apis (npm) Jun 5, 2025
23younesm Credited to 23younesm
Undici vulnerable to data leak when using response.arrayBuffer() Low
CVE-2024-38372 was published for undici (npm) Jul 9, 2024
bcomnes Credited to bcomnes and KhafraDev KhafraDev KhafraDev
Remote Memory Exposure in mongoose Moderate
GHSA-r5xw-q988-826m was published for mongoose (npm) Sep 1, 2020
mprpic Credited to mprpic
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
Remote Memory Exposure in floody Moderate
GHSA-3p92-886g-qxpq was published for floody (npm) Jun 4, 2019
mysql Node.JS Module Vulnerable to Remote Memory Exposure Moderate
GHSA-5f7m-mmpc-qhh4 was published for mysql (npm) May 23, 2019
Remote Memory Disclosure in ws Low
CVE-2016-10518 was published for ws (npm) Feb 18, 2019
tdunlap607 Credited to tdunlap607
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607 Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database