GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
High
CVE-2025-59828
was published
for
@anthropic-ai/claude-code
(npm)
Sep 24, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High
CVE-2025-59343
was published
for
tar-fs
(npm)
Sep 24, 2025
Keras is vulnerable to Deserialization of Untrusted Data
High
CVE-2025-9906
was published
for
keras
(pip)
Sep 19, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
High
CVE-2025-59041
was published
for
@anthropic-ai/claude-code
(npm)
Sep 10, 2025
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity
High
CVE-2025-58451
was published
for
cattown
(npm)
Sep 9, 2025
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
High
CVE-2025-58444
was published
for
@modelcontextprotocol/inspector
(npm)
Sep 8, 2025
The AuthKit Remix Library renders sensitive auth data in HTML
High
CVE-2025-55009
was published
for
@workos-inc/authkit-remix
(npm)
Aug 8, 2025
ProTip!
Advisories are also available from the
GraphQL API