GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,818 advisories
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Critical
GHSA-vjh7-7g9h-fjfh
was published
for
elliptic
(npm)
Feb 12, 2025
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
High
CVE-2025-25283
was published
for
parse-duration
(npm)
Feb 12, 2025
Inefficient Regular Expression Complexity in koa
Critical
CVE-2025-25200
was published
for
koa
(npm)
Feb 12, 2025
Authentication bypass in @sap/approuter
High
CVE-2025-24876
was published
for
@sap/approuter
(npm)
Feb 11, 2025
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
esbuild enables any website to send any requests to the development server and read the response
Moderate
GHSA-67mh-4wv8-2f99
was published
for
esbuild
(npm)
Feb 10, 2025
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
Critical
CVE-2025-24981
was published
for
@nuxtjs/mdc
(npm)
Feb 6, 2025
@rpldy/uploader prototype pollution
High
CVE-2024-57082
was published
for
@rpldy/uploader
(npm)
Feb 6, 2025
@tanstack/form-core prototype pollution
High
CVE-2024-57068
was published
for
@tanstack/form-core
(npm)
Feb 6, 2025
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
Critical
GHSA-9x4v-xfq5-m8x5
was published
for
better-auth
(npm)
Feb 5, 2025
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Critical
CVE-2025-24964
was published
for
vitest
(npm)
Feb 4, 2025
Vitest browser mode serves arbitrary files
Moderate
CVE-2025-24963
was published
for
@vitest/browser
(npm)
Feb 4, 2025
ZX Allows Environment Variable Injection for dotenv API
Moderate
CVE-2025-24959
was published
for
zx
(npm)
Feb 3, 2025
ProTip!
Advisories are also available from the
GraphQL API