GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:

  Ecosystem        Advisories
  All reviewed     5,000+
  Composer         4,968
  Erlang           39
  GitHub Actions   38
  Go               2,616
  Maven            5,000+
  npm              4,255
  NuGet            760
  pip              4,040
  Pub              12
  RubyGems         953
  Rust             1,050
  Swift            45

Unreviewed advisories:

  All unreviewed   5,000+
            40 advisories
@nubosoftware/node-static failure to catch exception can result in server crash
  Severity: High | CVE-2025-11149 | @nubosoftware/node-static (npm) | published Sep 30, 2025

check-branches is vulnerable to command Injection
  Severity: Critical | CVE-2025-11148 | check-branches (npm) | published Sep 30, 2025

Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
  Severity: Moderate | CVE-2025-61685 | @mastra/mcp-docs-server (npm) | published Sep 24, 2025

Command Injection in adb-mcp MCP Server
  Severity: Critical | CVE-2025-59834 | adb-mcp (npm) | published Sep 24, 2025

`git-commiters` Command Injection vulnerability
  Severity: High | CVE-2025-59831 | git-commiters (npm) | published Sep 22, 2025

@conventional-changelog/git-client has Argument Injection vulnerability
  Severity: Moderate | CVE-2025-59433 | @conventional-changelog/git-client (npm) | published Sep 22, 2025

@executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode
  Severity: High | CVE-2025-59333 | @executeautomation/database-server (npm) | published Sep 16, 2025

interactive-git-checkout has a Command Injection vulnerability
  Severity: Critical | CVE-2025-59046 | interactive-git-checkout (npm) | published Sep 10, 2025

@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
  Severity: Critical | CVE-2025-54994 | @akoskm/create-mcp-server-stdio (npm) | published Sep 8, 2025

ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
  Severity: High | CVE-2025-8267 | ssrfcheck (npm) | published Jul 28, 2025

Withdrawn Advisory: bun vulnerable to OS Command Injection
  Severity: High | CVE-2025-8022 | bun (npm) | published Jul 23, 2025 | withdrawn

files-bucket-server vulnerable to Directory Traversal
  Severity: High | CVE-2025-8021 | files-bucket-server (npm) | published Jul 23, 2025

private-ip vulnerable to Server-Side Request Forgery
  Severity: High | CVE-2025-8020 | private-ip (npm) | published Jul 23, 2025

GitHub Kanban MCP Server vulnerable to Command Injection
  Severity: High | CVE-2025-53818 | @sunwood-ai-labs/github-kanban-mcp-server (npm) | published Jul 15, 2025

iOS Simulator MCP Command Injection allowed via exec API
  Severity: Moderate | CVE-2025-52573 | ios-simulator-mcp (npm) | published Jun 26, 2025

nossrf Server-Side Request Forgery (SSRF)
  Severity: High | CVE-2025-2691 | nossrf (npm) | published Mar 23, 2025

parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
  Severity: High | CVE-2025-25283 | parse-duration (npm) | published Feb 12, 2025

Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
  Severity: Critical | CVE-2025-24981 | @nuxtjs/mdc (npm) | published Feb 6, 2025

Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
  Severity: Moderate | CVE-2024-21548 | bun (npm) | published Dec 18, 2024

ggit is vulnerable to Arbitrary Argument Injection via the clone() API
  Severity: Moderate | CVE-2024-21533 | ggit (npm) | published Oct 8, 2024

ghtml Cross-Site Scripting (XSS) vulnerability
  Severity: High | CVE-2024-37166 | ghtml (npm) | published Jun 10, 2024

static-server Path Traversal vulnerability
  Severity: High | CVE-2023-26152 | static-server (npm) | published Oct 3, 2023

blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
  Severity: Moderate | CVE-2023-26143 | blamer (npm) | published Sep 19, 2023

m.static Directory Traversal vulnerability
  Severity: High | CVE-2023-26126 | m.static (npm) | published May 10, 2023

node-static and @nubosoftware/node-static vulnerable to Directory Traversal
  Severity: High | CVE-2023-26111 | @nubosoftware/node-static (npm) | published Mar 6, 2023