GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,374 advisories
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Moderate
CVE-2025-66202
was published
for
astro
(npm)
Dec 8, 2025
mcp-server-kubernetes has potential security issue in exec_in_pod tool
Moderate
CVE-2025-66404
was published
for
mcp-server-kubernetes
(npm)
Dec 3, 2025
Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host
Moderate
CVE-2025-66405
was published
for
@portkey-ai/gateway
(npm)
Dec 2, 2025
fastify-reply-from affected by bypass of reply forwarding
Moderate
CVE-2025-66415
was published
for
@fastify/reply-from
(npm)
Dec 2, 2025
willitmerge has a Command Injection vulnerability
Moderate
CVE-2025-66219
was published
for
willitmerge
(npm)
Nov 26, 2025
node-forge is vulnerable to ASN.1 OID Integer Truncation
Moderate
CVE-2025-66030
was published
for
node-forge
(npm)
Nov 26, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Moderate
CVE-2025-66028
was published
for
@oneuptime/common
(npm)
Nov 25, 2025
body-parser is vulnerable to denial of service when url encoding is used
Moderate
CVE-2025-13466
was published
for
body-parser
(npm)
Nov 25, 2025
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
Moderate
CVE-2025-64765
was published
for
astro
(npm)
Nov 19, 2025
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message
Moderate
CVE-2025-64758
was published
for
@dependencytrack/frontend
(npm)
Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-64747
was published
for
directus
(npm)
Nov 14, 2025
Directus has Improper Permission Handling on Deleted Fields
Moderate
CVE-2025-64746
was published
for
directus
(npm)
Nov 14, 2025
js-yaml has prototype pollution in merge (<<)
Moderate
CVE-2025-64718
was published
for
js-yaml
(npm)
Nov 14, 2025
Directus Vulnerable to Information Leakage in Existing Collections
Moderate
CVE-2025-64749
was published
for
@directus/api
(npm)
Nov 13, 2025
Directus's conceal fields are searchable if read permissions enabled
Moderate
CVE-2025-64748
was published
for
@directus/api
(npm)
Nov 13, 2025
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
Moderate
CVE-2025-64525
was published
for
astro
(npm)
Nov 13, 2025
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Moderate
CVE-2025-64502
was published
for
parse-server
(npm)
Nov 13, 2025
ProTip!
Advisories are also available from the
GraphQL API