GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
126 advisories
Remote Code Execution on click of <a> Link in markdown preview
High | CVE-2024-49362 was published for joplin (npm) | Nov 14, 2024

secp256k1-node allows private key extraction over ECDH
High | CVE-2024-48930 was published for secp256k1 (npm) | Oct 21, 2024

Denial of service in http-proxy-middleware
High | CVE-2024-21536 was published for http-proxy-middleware (npm) | Oct 19, 2024

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental...
High | Unreviewed | CVE-2023-30587 was published | Sep 7, 2024

A vulnerability has been discovered in Node.js version 20, specifically within the experimental...
High | Unreviewed | CVE-2023-30584 was published | Sep 7, 2024

fs.openAsBlob() can bypass the experimental permission model when using the file system read...
High | Unreviewed | CVE-2023-30583 was published | Sep 7, 2024

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked...
High | Unreviewed | CVE-2023-46809 was published | Sep 7, 2024

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment...
High | Unreviewed | CVE-2024-22169 was published | Aug 2, 2024

rejetto HFS vulnerable to OS Command Execution by remote authenticated users
High | CVE-2024-39943 was published for hfs (npm) | Jul 5, 2024

ip SSRF improper categorization in isPublic
High | CVE-2024-29415 was published for ip (npm) | Jun 2, 2024

@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High | CVE-2024-34347 was published for @hoppscotch/cli (npm) | Apr 22, 2024

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount...
High | Unreviewed | CVE-2024-27983 was published | Apr 9, 2024

@electron/packager's build process memory potentially leaked into final executable
High | CVE-2024-29900 was published for @electron/packager (npm) | Mar 29, 2024

setuid() does not affect libuv's internal io_uring operations if initialized before the call to...
High | Unreviewed | CVE-2024-22017 was published | Mar 19, 2024

Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
High | CVE-2024-27935 was published for deno (Rust) | Mar 5, 2024

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs...
High | Unreviewed | CVE-2024-21891 was published | Feb 20, 2024

The permission model protects itself against path traversal attacks by calling path.resolve() on...
High | Unreviewed | CVE-2024-21896 was published | Feb 20, 2024

On Linux, Node.js ignores certain environment variables if those may have been set by an...
High | Unreviewed | CVE-2024-21892 was published | Feb 20, 2024

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP...
High | Unreviewed | CVE-2024-22019 was published | Feb 20, 2024

Sending a GET or HEAD request with a body crashes SvelteKit
High | CVE-2024-23641 was published for @sveltejs/adapter-node (npm) | Jan 24, 2024

A vulnerability has been identified in the Node.js (.msi version) installation process,...
High | Unreviewed | CVE-2023-30585 was published | Nov 28, 2023

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism...
High | Unreviewed | CVE-2023-30581 was published | Nov 23, 2023

Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High | CVE-2023-45811 was published for deobfuscator (npm) | Oct 18, 2023

When the Node.js policy feature checks the integrity of a resource against a trusted manifest,...
High | Unreviewed | CVE-2023-38552 was published | Oct 18, 2023

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit...
High | Unreviewed | CVE-2023-39331 was published | Oct 18, 2023
ProTip! Advisories are also available from the GraphQL API.