GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Moderate
CVE-2019-10785
was published
for
dojox
(npm)
Feb 13, 2020
Critical severity vulnerability that affects generator-jhipster
Critical
GHSA-mwp6-j9wf-968c
was published
for
generator-jhipster
(npm)
Sep 13, 2019
•
withdrawn
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical
CVE-2019-16303
was published
for
generator-jhipster-kotlin
(npm)
Jun 26, 2020
Potential leak of authentication data to 3rd parties
Critical
CVE-2023-30846
was published
for
typed-rest-client
(npm)
Apr 27, 2023
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical
CVE-2025-49596
was published
for
@modelcontextprotocol/inspector
(npm)
Jun 13, 2025
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
High
CVE-2025-34146
was published
for
@nyariv/sandboxjs
(npm)
Jul 31, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
High
CVE-2025-59288
was published
for
playwright
(npm)
Oct 14, 2025
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
High
CVE-2025-66414
was published
for
@modelcontextprotocol/sdk
(npm)
Dec 2, 2025
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
High
GHSA-2x8m-83vc-6wv4
was published
for
flowise
(npm)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API