GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Astro Development Server has Arbitrary Local File Read (Severity: Low)
CVE-2025-64757 was published for astro (npm) Nov 19, 2025
Credited to monizb, Princesseuh, delucis, and ematipico
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass (Severity: Moderate)
CVE-2025-64525 was published for astro (npm) Nov 13, 2025
Credited to cold-try and delucis
Astro development server error page is vulnerable to reflected Cross-site Scripting (Severity: Low)
CVE-2025-64745 was published for astro (npm) Nov 13, 2025
Credited to pHo9UBenaA, delucis, and florian-lefebvre
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter (Severity: High)
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
Credited to ghostdevv, monizb, alexanderniebuhr, ascorbic, ematipico, and delucis
Astro allows unauthorized third-party images in _image endpoint (Severity: Moderate)
CVE-2025-55303 was published for @astrojs/node (npm) Aug 19, 2025
Credited to HakuPiku, GeneralZero, chriselbring-avalabs, ematipico, delucis, and Princesseuh
@astrojs/node's trailing slash handling causes open redirect issue (Severity: Moderate)
CVE-2025-55207 was published for @astrojs/node (npm) Aug 15, 2025
Credited to florian-lefebvre, ematipico, Fryuni, and delucis
Astro CSRF Middleware Bypass (security.checkOrigin) (Severity: Moderate)
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
Credited to KageShiron, ematipico, delucis, and ascorbic