GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,300; Erlang 31; GitHub Actions 21; Go 2,065; Maven 5,000+; npm 3,744; NuGet 668; pip 3,427; Pub 12; RubyGems 892; Rust 877; Swift 36
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
101 advisories
Incorrect Permission Assignment for Critical Resource in Node
High · Unreviewed · CVE-2021-22921 was published Jul 13, 2021
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to...
High · Unreviewed · CVE-2021-44531 was published Feb 25, 2022
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)...
Moderate · Unreviewed · CVE-2021-44532 was published Feb 25, 2022
The function url.parse() in Node.js v17.7.0 allows attackers to spoof a hostname.
Unknown · Unreviewed · CVE-2022-27306 was published Apr 3, 2022
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary...
Critical · Unreviewed · CVE-2016-3987 was published May 13, 2022
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js...
High · Unreviewed · CVE-2019-5739 was published May 13, 2022
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before...
High · Unreviewed · CVE-2019-5737 was published May 13, 2022
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer...
High · Unreviewed · CVE-2018-7166 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can...
High · Unreviewed · CVE-2018-12116 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in...
Moderate · Unreviewed · CVE-2018-12123 was published May 13, 2022
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could...
High · Unreviewed · CVE-2018-7167 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with...
High · Unreviewed · CVE-2018-12121 was published May 13, 2022
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker...
High · Unreviewed · CVE-2018-7161 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial...
High · Unreviewed · CVE-2018-12122 was published May 13, 2022
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding ...
High · Unreviewed · CVE-2018-12115 was published May 13, 2022
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can...
High · Unreviewed · CVE-2018-7162 was published May 13, 2022
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug...
High · Unreviewed · CVE-2018-7164 was published May 13, 2022
The `'path'` module in the Node.js 4.x release line contains a potential regular expression...
High · Unreviewed · CVE-2018-7158 was published May 13, 2022
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header,...
Moderate · Unreviewed · CVE-2018-7159 was published May 13, 2022
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does...
Moderate · Unreviewed · CVE-2012-2330 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by...
High · Unreviewed · CVE-2018-12120 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.