Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

107 advisories

Loading
The function url.parse() in Node.js v17.7.0 allows attackers to spoof a hostname. Unknown Unreviewed
CVE-2022-27306 was published Apr 3, 2022
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by... High Unreviewed
CVE-2018-12120 was published May 13, 2022
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)... Moderate Unreviewed
CVE-2021-44532 was published Feb 25, 2022
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low... High Unreviewed
CVE-2021-33205 was published May 24, 2022
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to... High Unreviewed
CVE-2021-44531 was published Feb 25, 2022
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0... High Unreviewed
CVE-2016-2086 was published May 17, 2022
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x... High Unreviewed
CVE-2016-2216 was published May 17, 2022
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the... High Unreviewed
CVE-2015-8027 was published May 17, 2022
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node... High Unreviewed
CVE-2015-5380 was published May 17, 2022
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can... High Unreviewed
CVE-2018-7162 was published May 13, 2022
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read()... Critical Unreviewed
CVE-2017-15896 was published May 13, 2022
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker... High Unreviewed
CVE-2018-7161 was published May 13, 2022
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive... Moderate Unreviewed
CVE-2014-5256 was published May 17, 2022
Google V8 computes hash values for form parameters without restricting the ability to trigger... Moderate Unreviewed
CVE-2011-5037 was published May 17, 2022
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can... Moderate Unreviewed
CVE-2018-18524 was published May 24, 2022
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows... Moderate Unreviewed
CVE-2019-13030 was published May 24, 2022
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack... High Unreviewed
CVE-2021-22883 was published May 24, 2022
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js... Critical Unreviewed
CVE-2020-8252 was published May 24, 2022
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests... High Unreviewed
CVE-2020-8251 was published May 24, 2022
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the... Moderate Unreviewed
CVE-2017-15897 was published May 14, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver... Critical Unreviewed
CVE-2020-8201 was published May 24, 2022
An exploitable local privilege elevation vulnerability exists in the file system permissions of... High Unreviewed
CVE-2020-13536 was published May 24, 2022
An exploitable local privilege elevation vulnerability exists in the file system permissions of... High Unreviewed
CVE-2020-13537 was published May 24, 2022
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug... Critical Unreviewed
CVE-2020-8265 was published May 24, 2022
Node.js bad High Unreviewed
CVE-2021-22884 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database