GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,932 advisories
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
High
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Low
CVE-2025-46720
was published
for
@keystone-6/core
(npm)
May 5, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
Vite's server.fs.deny bypassed with /. for files under project root
Moderate
CVE-2025-46565
was published
for
vite
(npm)
Apr 30, 2025
Homograph attack allows Unicode lookalike characters to bypass validation.
High
CVE-2025-27611
was published
for
base-x
(npm)
Apr 30, 2025
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Low
CVE-2025-46653
was published
for
formidable
(npm)
Apr 26, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate
CVE-2025-31486
was published
for
vite
(npm)
Apr 4, 2025
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-733v-p3h5-qpq7
was published
for
@escape.tech/graphql-armor-cost-limit
(npm)
Apr 25, 2025
ProTip!
Advisories are also available from the
GraphQL API