GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode
High
CVE-2025-64443
was published
for
github.com/docker/mcp-gateway
(Go)
Dec 3, 2025
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
High
CVE-2025-59288
was published
for
playwright
(npm)
Oct 14, 2025
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
High
CVE-2025-34146
was published
for
@nyariv/sandboxjs
(npm)
Jul 31, 2025
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057
High
CVE-2023-28465
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Mar 10, 2023
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
High
CVE-2022-31159
was published
for
com.amazonaws:aws-java-sdk-s3
(Maven)
Jul 15, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
Temporary Directory Hijacking Vulnerability in Keycloak
High
CVE-2021-20202
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 18, 2022
Cached redirect poisoning via X-Forwarded-Host header
High
CVE-2021-29479
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Local Temp Directory Hijacking Vulnerability
High
CVE-2020-27216
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Nov 4, 2020
graphite.composer.views.send_email vulnerable to SSRF
High
CVE-2017-18638
was published
for
graphite-web
(pip)
Oct 25, 2019
ProTip!
Advisories are also available from the
GraphQL API