GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27 advisories
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code....
Moderate | Unreviewed | CVE-2023-39333 was published Sep 7, 2024

A vulnerability has been identified in Node.js version 20, affecting users of the experimental...
Moderate | Unreviewed | CVE-2023-30582 was published Sep 7, 2024

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non...
Moderate | Unreviewed | CVE-2024-22020 was published Jul 9, 2024

Claris International has successfully resolved an issue of potentially exposing password...
Moderate | Unreviewed | CVE-2023-42955 was published May 14, 2024

A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack...
Moderate | Unreviewed | CVE-2024-22025 was published Mar 19, 2024

The Node.js Permission Model does not clarify in the documentation that wildcards should be only...
Moderate | Unreviewed | CVE-2024-21890 was published Feb 20, 2024

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate...
Moderate | Unreviewed | CVE-2023-30588 was published Nov 28, 2023

A vulnerability has been identified in Node.js version 20, affecting users of the experimental...
Moderate | Unreviewed | CVE-2023-32005 was published Sep 20, 2023

`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a...
Moderate | Unreviewed | CVE-2023-32003 was published Aug 15, 2023

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21...
Moderate | Unreviewed | CVE-2023-23920 was published Feb 23, 2023

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0...
Moderate | Unreviewed | CVE-2022-32222 was published Jul 15, 2022

If the Node.js https API was used incorrectly and "undefined" was in passed for the ...
Moderate | Unreviewed | CVE-2021-22939 was published May 24, 2022

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in...
Moderate | Unreviewed | CVE-2020-8287 was published May 24, 2022

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when...
Moderate | Unreviewed | CVE-2019-15604 was published May 24, 2022

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows...
Moderate | Unreviewed | CVE-2019-13030 was published May 24, 2022

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can...
Moderate | Unreviewed | CVE-2018-18524 was published May 24, 2022

Google V8 computes hash values for form parameters without restricting the ability to trigger...
Moderate | Unreviewed | CVE-2011-5037 was published May 17, 2022

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive...
Moderate | Unreviewed | CVE-2014-5256 was published May 17, 2022

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the...
Moderate | Unreviewed | CVE-2017-15897 was published May 14, 2022

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0...
Moderate | Unreviewed | CVE-2016-5325 was published May 14, 2022

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x...
Moderate | Unreviewed | CVE-2016-7099 was published May 14, 2022

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers...
Moderate | Unreviewed | CVE-2013-4450 was published May 14, 2022

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does...
Moderate | Unreviewed | CVE-2012-2330 was published May 13, 2022

The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header,...
Moderate | Unreviewed | CVE-2018-7159 was published May 13, 2022

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in...
Moderate | Unreviewed | CVE-2018-12123 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.