Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's ECDSA missing check for whether leading bit of r and s is zero Low
CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Undici vulnerable to data leak when using response.arrayBuffer() Low
CVE-2024-38372 was published for undici (npm) Jul 9, 2024
bcomnes KhafraDev
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607
Parse Server stores password in plain text Low
CVE-2020-26288 was published for parse-server (npm) Dec 28, 2020
fastrde depsir
Sensitive Data Exposure in put Low
GHSA-v6gv-fg46-h89j was published for put (npm) Sep 3, 2020
Out-of-bounds Read in njwt Low
GHSA-g3qw-9pgp-xpj4 was published for njwt (npm) Sep 1, 2020
Cross-Site Scripting in serialize-to-js Low
CVE-2019-16772 was published for serialize-to-js (npm) Dec 6, 2019
SSL Validation Defaults to False in electron-packager Low
CVE-2016-10534 was published for electron-packager (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API