GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12 advisories
FUXA Unauthenticated Remote Arbitrary Device Tag Write
Critical
CVE-2026-25752
was published
for
fuxa-server
(npm)
Feb 5, 2026
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
Critical
GHSA-88qh-cphv-996c
was published
for
fuxa-server
(npm)
Feb 5, 2026
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical
GHSA-32cc-x95p-fxcg
was published
for
fuxa-server
(npm)
Feb 5, 2026
FUXA Unauthenticated Exposure of Plaintext Database Credentials
Critical
CVE-2026-25751
was published
for
fuxa-server
(npm)
Feb 5, 2026
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Critical
GHSA-vwcg-c828-9822
was published
for
fuxa-server
(npm)
Feb 5, 2026
Qwik City Open Redirect via fixTrailingSlash
Low
CVE-2026-25149
was published
for
@builder.io/qwik-city
(npm)
Feb 3, 2026
Qwik SSR XSS via Unsafe Virtual Node Serialization
Moderate
CVE-2026-25148
was published
for
@builder.io/qwik-city
(npm)
Feb 3, 2026
Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State
High
CVE-2026-22814
was published
for
@adonisjs/lucid
(npm)
Jan 13, 2026
AdonisJS Path Traversal in Multipart File Handling
Critical
CVE-2026-21440
was published
for
@adonisjs/bodyparser
(npm)
Jan 2, 2026
node-forge has ASN.1 Unbounded Recursion
High
CVE-2025-66031
was published
for
node-forge
(npm)
Nov 26, 2025
node-forge is vulnerable to ASN.1 OID Integer Truncation
Moderate
CVE-2025-66030
was published
for
node-forge
(npm)
Nov 26, 2025
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization
High
CVE-2025-12816
was published
for
node-forge
(npm)
Nov 26, 2025
ProTip!
Advisories are also available from the
GraphQL API