
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

Mermaid improperly sanitizes sequence diagram labels leading to XSS (Severity: Moderate)
CVE-2025-54881 was published for mermaid (npm) Aug 19, 2025
Credited to fourcube, sidharthv96, dav1tj, aloisklink, and MermaidChart
Mermaid does not properly sanitize architecture diagram iconText leading to XSS (Severity: Moderate)
CVE-2025-54880 was published for mermaid (npm) Aug 19, 2025
Credited to fourcube, sidharthv96, dav1tj, aloisklink, and MermaidChart
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify (Severity: High)
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
Credited to aloisklink, sidharthv96, ashishjain0512, mlevy-parasoft, and byt3n33dl3