GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
60 advisories
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by...
High | Unreviewed | CVE-2018-12120 was published May 13, 2022

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with...
High | Unreviewed | CVE-2018-12121 was published May 13, 2022

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low...
High | Unreviewed | CVE-2021-33205 was published May 24, 2022

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to...
High | Unreviewed | CVE-2021-44531 was published Feb 25, 2022

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0...
High | Unreviewed | CVE-2016-2086 was published May 17, 2022

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x...
High | Unreviewed | CVE-2016-2216 was published May 17, 2022

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the...
High | Unreviewed | CVE-2015-8027 was published May 17, 2022

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node...
High | Unreviewed | CVE-2015-5380 was published May 17, 2022

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can...
High | Unreviewed | CVE-2018-7162 was published May 13, 2022

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker...
High | Unreviewed | CVE-2018-7161 was published May 13, 2022

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack...
High | Unreviewed | CVE-2021-22883 was published May 24, 2022

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests...
High | Unreviewed | CVE-2020-8251 was published May 24, 2022

An exploitable local privilege elevation vulnerability exists in the file system permissions of...
High | Unreviewed | CVE-2020-13536 was published May 24, 2022

An exploitable local privilege elevation vulnerability exists in the file system permissions of...
High | Unreviewed | CVE-2020-13537 was published May 24, 2022

Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0:...
High | Unreviewed | CVE-2021-26073 was published May 24, 2022

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js...
High | Unreviewed | CVE-2019-5739 was published May 13, 2022

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer...
High | Unreviewed | CVE-2018-7166 was published May 13, 2022

Incorrect Permission Assignment for Critical Resource in Node
High | Unreviewed | CVE-2021-22921 was published Jul 13, 2021

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding ...
High | Unreviewed | CVE-2018-12115 was published May 13, 2022

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change...
High | Unreviewed | CVE-2017-14849 was published May 13, 2022

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows...
High | Unreviewed | CVE-2022-32223 was published Jul 15, 2022

An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker...
High | Unreviewed | CVE-2018-12519 was published May 14, 2022

An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due...
High | Unreviewed | CVE-2022-32212 was published Jul 15, 2022