GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
High
GHSA-2x8m-83vc-6wv4
was published
for
flowise
(npm)
Apr 16, 2026
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
High
CVE-2025-66414
was published
for
@modelcontextprotocol/sdk
(npm)
Dec 2, 2025
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
High
CVE-2025-59288
was published
for
playwright
(npm)
Oct 14, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
High
CVE-2025-34146
was published
for
@nyariv/sandboxjs
(npm)
Jul 31, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical
CVE-2025-49596
was published
for
@modelcontextprotocol/inspector
(npm)
Jun 13, 2025
Potential leak of authentication data to 3rd parties
Critical
CVE-2023-30846
was published
for
typed-rest-client
(npm)
Apr 27, 2023
ProTip!
Advisories are also available from the
GraphQL API