Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,295
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7 advisories

Loading
Astro Development Server has Arbitrary Local File Read Low
CVE-2025-64757 was published for astro (npm) Nov 19, 2025
monizb Princesseuh
delucis ematipico
Credited to monizb, Princesseuh, delucis, and ematipico
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass Moderate
CVE-2025-64525 was published for astro (npm) Nov 13, 2025
cold-try delucis
Credited to cold-try and delucis
Astro development server error page vulnerable to reflected Cross-site Scripting Low
CVE-2025-64745 was published for astro (npm) Nov 13, 2025
pHo9UBenaA delucis
florian-lefebvre
Credited to pHo9UBenaA, delucis, and florian-lefebvre
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
Credited to ghostdevv, monizb, alexanderniebuhr, ascorbic, ematipico, and delucis
Astro allows unauthorized third-party images in _image endpoint Moderate
CVE-2025-55303 was published for @astrojs/node (npm) Aug 19, 2025
HakuPiku GeneralZero
chriselbring-avalabs ematipico delucis Princesseuh
Credited to HakuPiku, GeneralZero, chriselbring-avalabs, ematipico, delucis, and Princesseuh
@astrojs/node's trailing slash handling causes open redirect issue Moderate
CVE-2025-55207 was published for @astrojs/node (npm) Aug 15, 2025
florian-lefebvre ematipico
Fryuni delucis
Credited to florian-lefebvre, ematipico, Fryuni, and delucis
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
Credited to KageShiron, ematipico, delucis, and ascorbic
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database