GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,787
Composer 4,248
Erlang 31
GitHub Actions 21
Go 2,016
Maven 5,202
npm 3,721
NuGet 662
pip 3,400
Pub 11
RubyGems 890
Rust 852
Swift 36

Unreviewed advisories

All unreviewed 236,241

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

100 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental... High Unreviewed

CVE-2023-30587 was published Sep 7, 2024

A vulnerability has been discovered in Node.js version 20, specifically within the experimental... High Unreviewed

CVE-2023-30584 was published Sep 7, 2024

fs.openAsBlob() can bypass the experimental permission model when using the file system read... High Unreviewed

CVE-2023-30583 was published Sep 7, 2024

A vulnerability has been identified in Node.js, affecting users of the experimental permission... Low Unreviewed

CVE-2024-36137 was published Sep 7, 2024

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code.... Moderate Unreviewed

CVE-2023-39333 was published Sep 7, 2024

A vulnerability has been identified in Node.js version 20, affecting users of the experimental... Moderate Unreviewed

CVE-2023-30582 was published Sep 7, 2024

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked... High Unreviewed

CVE-2023-46809 was published Sep 7, 2024

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment... High Unreviewed

CVE-2024-22169 was published Aug 2, 2024

A vulnerability has been identified in Node.js, affecting users of the experimental permission... Low Unreviewed

CVE-2024-22018 was published Jul 10, 2024

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non... Moderate Unreviewed

CVE-2024-22020 was published Jul 9, 2024

Claris International has successfully resolved an issue of potentially exposing password... Moderate Unreviewed

CVE-2023-42955 was published May 14, 2024

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount... High Unreviewed

CVE-2024-27983 was published Apr 9, 2024

setuid() does not affect libuv's internal io_uring operations if initialized before the call to... High Unreviewed

CVE-2024-22017 was published Mar 19, 2024

A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack... Moderate Unreviewed

CVE-2024-22025 was published Mar 19, 2024

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs... High Unreviewed

CVE-2024-21891 was published Feb 20, 2024

The Node.js Permission Model does not clarify in the documentation that wildcards should be only... Moderate Unreviewed

CVE-2024-21890 was published Feb 20, 2024

The permission model protects itself against path traversal attacks by calling path.resolve() on... High Unreviewed

CVE-2024-21896 was published Feb 20, 2024

On Linux, Node.js ignores certain environment variables if those may have been set by an... High Unreviewed

CVE-2024-21892 was published Feb 20, 2024

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP... High Unreviewed

CVE-2024-22019 was published Feb 20, 2024

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate... Moderate Unreviewed

CVE-2023-30588 was published Nov 28, 2023

A vulnerability has been identified in the Node.js (.msi version) installation process,... High Unreviewed

CVE-2023-30585 was published Nov 28, 2023

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism... High Unreviewed

CVE-2023-30581 was published Nov 23, 2023

Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In... Critical Unreviewed

CVE-2023-39332 was published Oct 18, 2023

When the Node.js policy feature checks the integrity of a resource against a trusted manifest,... High Unreviewed

CVE-2023-38552 was published Oct 18, 2023

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit... High Unreviewed

CVE-2023-39331 was published Oct 18, 2023

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

100 advisories