GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
60 advisories
Filter by severity
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental...
High
Unreviewed
CVE-2023-30587
was published
Sep 7, 2024
A vulnerability has been discovered in Node.js version 20, specifically within the experimental...
High
Unreviewed
CVE-2023-30584
was published
Sep 7, 2024
fs.openAsBlob() can bypass the experimental permission model when using the file system read...
High
Unreviewed
CVE-2023-30583
was published
Sep 7, 2024
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked...
High
Unreviewed
CVE-2023-46809
was published
Sep 7, 2024
WD Discovery
versions prior to 5.0.589 contain a misconfiguration in the Node.js environment...
High
Unreviewed
CVE-2024-22169
was published
Aug 2, 2024
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount...
High
Unreviewed
CVE-2024-27983
was published
Apr 9, 2024
setuid() does not affect libuv's internal io_uring operations if initialized before the call to...
High
Unreviewed
CVE-2024-22017
was published
Mar 19, 2024
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs...
High
Unreviewed
CVE-2024-21891
was published
Feb 20, 2024
The permission model protects itself against path traversal attacks by calling path.resolve() on...
High
Unreviewed
CVE-2024-21896
was published
Feb 20, 2024
On Linux, Node.js ignores certain environment variables if those may have been set by an...
High
Unreviewed
CVE-2024-21892
was published
Feb 20, 2024
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP...
High
Unreviewed
CVE-2024-22019
was published
Feb 20, 2024
A vulnerability has been identified in the Node.js (.msi version) installation process,...
High
Unreviewed
CVE-2023-30585
was published
Nov 28, 2023
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism...
High
Unreviewed
CVE-2023-30581
was published
Nov 23, 2023
When the Node.js policy feature checks the integrity of a resource against a trusted manifest,...
High
Unreviewed
CVE-2023-38552
was published
Oct 18, 2023
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit...
High
Unreviewed
CVE-2023-39331
was published
Oct 18, 2023
The use of the deprecated API `process.binding()` can bypass the permission model through path...
High
Unreviewed
CVE-2023-32558
was published
Sep 15, 2023
A privilege escalation vulnerability exists in the experimental policy mechanism in all active...
High
Unreviewed
CVE-2023-32559
was published
Aug 24, 2023
A vulnerability has been discovered in Node.js version 20, specifically within the experimental...
High
Unreviewed
CVE-2023-32004
was published
Aug 15, 2023
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require...
High
Unreviewed
CVE-2023-32006
was published
Aug 15, 2023
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL...
High
Unreviewed
CVE-2023-30586
was published
Jul 1, 2023
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3...
High
Unreviewed
CVE-2023-23918
was published
Feb 23, 2023
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in...
High
Unreviewed
CVE-2023-23919
was published
Feb 23, 2023
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19...
High
Unreviewed
CVE-2022-43548
was published
Dec 6, 2022
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows...
High
Unreviewed
CVE-2022-32223
was published
Jul 15, 2022
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due...
High
Unreviewed
CVE-2022-32212
was published
Jul 15, 2022
ProTip!
Advisories are also available from the
GraphQL API