GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,850
Composer 4,262
Erlang 31
GitHub Actions 21
Go 2,029
Maven 5,207
npm 3,732
NuGet 662
pip 3,408
Pub 12
RubyGems 891
Rust 864
Swift 36

Unreviewed advisories

All unreviewed 237,190

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

60 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental... High Unreviewed

CVE-2023-30587 was published Sep 7, 2024

A vulnerability has been discovered in Node.js version 20, specifically within the experimental... High Unreviewed

CVE-2023-30584 was published Sep 7, 2024

fs.openAsBlob() can bypass the experimental permission model when using the file system read... High Unreviewed

CVE-2023-30583 was published Sep 7, 2024

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked... High Unreviewed

CVE-2023-46809 was published Sep 7, 2024

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment... High Unreviewed

CVE-2024-22169 was published Aug 2, 2024

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount... High Unreviewed

CVE-2024-27983 was published Apr 9, 2024

setuid() does not affect libuv's internal io_uring operations if initialized before the call to... High Unreviewed

CVE-2024-22017 was published Mar 19, 2024

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs... High Unreviewed

CVE-2024-21891 was published Feb 20, 2024

The permission model protects itself against path traversal attacks by calling path.resolve() on... High Unreviewed

CVE-2024-21896 was published Feb 20, 2024

On Linux, Node.js ignores certain environment variables if those may have been set by an... High Unreviewed

CVE-2024-21892 was published Feb 20, 2024

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP... High Unreviewed

CVE-2024-22019 was published Feb 20, 2024

A vulnerability has been identified in the Node.js (.msi version) installation process,... High Unreviewed

CVE-2023-30585 was published Nov 28, 2023

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism... High Unreviewed

CVE-2023-30581 was published Nov 23, 2023

When the Node.js policy feature checks the integrity of a resource against a trusted manifest,... High Unreviewed

CVE-2023-38552 was published Oct 18, 2023

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit... High Unreviewed

CVE-2023-39331 was published Oct 18, 2023

The use of the deprecated API `process.binding()` can bypass the permission model through path... High Unreviewed

CVE-2023-32558 was published Sep 15, 2023

A privilege escalation vulnerability exists in the experimental policy mechanism in all active... High Unreviewed

CVE-2023-32559 was published Aug 24, 2023

A vulnerability has been discovered in Node.js version 20, specifically within the experimental... High Unreviewed

CVE-2023-32004 was published Aug 15, 2023

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require... High Unreviewed

CVE-2023-32006 was published Aug 15, 2023

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL... High Unreviewed

CVE-2023-30586 was published Jul 1, 2023

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3... High Unreviewed

CVE-2023-23918 was published Feb 23, 2023

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in... High Unreviewed

CVE-2023-23919 was published Feb 23, 2023

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19... High Unreviewed

CVE-2022-43548 was published Dec 6, 2022

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows... High Unreviewed

CVE-2022-32223 was published Jul 15, 2022

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due... High Unreviewed

CVE-2022-32212 was published Jul 15, 2022

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

60 advisories