GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

63 advisories

Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c
High severity vulnerability that affects qs High
GHSA-crvj-3gj9-gm2p was published for qs (npm) Oct 9, 2018 withdrawn
High severity vulnerability that affects electron High
CVE-2016-1202 was published for electron (npm) Oct 24, 2017
Path Traversal in superstatic High
GHSA-wm77-q74p-5763 was published for superstatic (npm) Jul 27, 2018
Downloads Resources over HTTP in imageoptim High
CVE-2016-10596 was published for imageoptim (npm) Feb 18, 2019
Regular Expression Denial of Service in parsejson High
CVE-2017-16113 was published for parsejson (npm) Jul 24, 2018
High severity vulnerability that affects uglify-js High
GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) Oct 9, 2018 withdrawn
Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
G-Rath
selenium-binaries downloads resources over HTTP High
CVE-2016-10589 was published for selenium-binaries (npm) Feb 18, 2019
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Packing does not respect root-level ignore files in workspaces High
CVE-2022-29244 was published for npm (npm) Jun 2, 2022
bnb
OS Command Injection in s3-uploader High
CVE-2021-34084 was published for s3-uploader (npm) Jun 3, 2022
OS Command injection in ssl-utils High
CVE-2021-34080 was published for ssl-utils (npm) Jun 3, 2022
OS Command Injection in proctree High
CVE-2021-34082 was published for proctree (npm) Jun 3, 2022
file-type vulnerable to Infinite Loop via malformed MKV file High
CVE-2022-36313 was published for file-type (npm) Jul 22, 2022
kiskoza ItalyPaleAle
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery High
CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
Denial of Service (DoS) in restify-paginate High
CVE-2020-27543 was published for restify-paginate (npm) Apr 12, 2021
Remote code execution via the `pretty` option. High
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
Denial of Service in get-ip-range High
CVE-2021-27191 was published for get-ip-range (npm) Apr 13, 2021
"Arbitrary code execution in socket.io-file" High
CVE-2020-24807 was published for socket.io-file (npm) May 10, 2021
Use of Potentially Dangerous Function in mixme High
CVE-2021-29491 was published for mixme (npm) May 6, 2021
CySirX
Missing Release of Memory after Effective Lifetime in detect-character-encoding High
CVE-2021-39176 was published for detect-character-encoding (npm) Sep 1, 2021
Improper Handling of Exceptional Conditions in detect-character-encoding High
CVE-2021-39157 was published for detect-character-encoding (npm) Aug 25, 2021
Code Injection in total.js High
CVE-2021-32831 was published for total.js (npm) Sep 1, 2021