GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering
High
CVE-2025-67647
was published
for
@sveltejs/adapter-node
(npm)
Jan 15, 2026
Astro vulnerable to reflected XSS via the server islands feature
High
CVE-2025-64764
was published
for
astro
(npm)
Nov 19, 2025
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
Moderate
CVE-2025-64525
was published
for
astro
(npm)
Nov 13, 2025
Next.JS vulnerability can lead to DoS via cache poisoning
High
CVE-2025-49826
was published
for
next
(npm)
Jul 3, 2025
Next.js Race Condition to Cache Poisoning
Low
CVE-2025-32421
was published
for
next
(npm)
May 15, 2025
React Router allows pre-render data spoofing on React-Router framework mode
High
CVE-2025-43865
was published
for
react-router
(npm)
Apr 24, 2025
React Router allows a DoS via cache poisoning by forcing SPA mode
High
CVE-2025-43864
was published
for
react-router
(npm)
Apr 24, 2025
Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
High
CVE-2025-31137
was published
for
@react-router/express
(npm)
Apr 1, 2025
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
Nuxt allows DOS via cache poisoning with payload rendering response
High
CVE-2025-27415
was published
for
nuxt
(npm)
Mar 19, 2025
ProTip!
Advisories are also available from the
GraphQL API