GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
60 advisories
Incorrect Permission Assignment for Critical Resource in Node
High | Unreviewed | CVE-2021-22921 was published Jul 13, 2021

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to...
High | Unreviewed | CVE-2021-44531 was published Feb 25, 2022

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js...
High | Unreviewed | CVE-2019-5739 was published May 13, 2022

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before...
High | Unreviewed | CVE-2019-5737 was published May 13, 2022

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer...
High | Unreviewed | CVE-2018-7166 was published May 13, 2022

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can...
High | Unreviewed | CVE-2018-12116 was published May 13, 2022

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could...
High | Unreviewed | CVE-2018-7167 was published May 13, 2022

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with...
High | Unreviewed | CVE-2018-12121 was published May 13, 2022

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker...
High | Unreviewed | CVE-2018-7161 was published May 13, 2022

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial...
High | Unreviewed | CVE-2018-12122 was published May 13, 2022

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding ...
High | Unreviewed | CVE-2018-12115 was published May 13, 2022

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can...
High | Unreviewed | CVE-2018-7162 was published May 13, 2022

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug...
High | Unreviewed | CVE-2018-7164 was published May 13, 2022

The `'path'` module in the Node.js 4.x release line contains a potential regular expression...
High | Unreviewed | CVE-2018-7158 was published May 13, 2022

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by...
High | Unreviewed | CVE-2018-12120 was published May 13, 2022

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change...
High | Unreviewed | CVE-2017-14849 was published May 13, 2022

An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker...
High | Unreviewed | CVE-2018-12519 was published May 14, 2022

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0,...
High | Unreviewed | CVE-2017-11499 was published May 17, 2022

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a...
High | Unreviewed | CVE-2017-14919 was published May 17, 2022

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
High | Unreviewed | CVE-2015-7384 was published May 17, 2022

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x...
High | Unreviewed | CVE-2016-2216 was published May 17, 2022

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0...
High | Unreviewed | CVE-2016-2086 was published May 17, 2022

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the...
High | Unreviewed | CVE-2015-8027 was published May 17, 2022