Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,427
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

101 advisories

Loading
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with... High Unreviewed
CVE-2018-12121 was published May 13, 2022
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The... Critical Unreviewed
CVE-2024-12641 was published Dec 16, 2024
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in... Moderate Unreviewed
CVE-2018-12123 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial... High Unreviewed
CVE-2018-12122 was published May 13, 2022
Claris International has successfully resolved an issue of potentially exposing password... Moderate Unreviewed
CVE-2023-42955 was published May 14, 2024
A vulnerability has been identified in Node.js, affecting users of the experimental permission... Low Unreviewed
CVE-2024-36137 was published Sep 7, 2024
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non... Moderate Unreviewed
CVE-2024-22020 was published Jul 9, 2024
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP... High Unreviewed
CVE-2024-22019 was published Feb 20, 2024
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack... Moderate Unreviewed
CVE-2024-22025 was published Mar 19, 2024
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the... Critical Unreviewed
CVE-2023-32002 was published Aug 21, 2023
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental... High Unreviewed
CVE-2023-30587 was published Sep 7, 2024
fs.openAsBlob() can bypass the experimental permission model when using the file system read... High Unreviewed
CVE-2023-30583 was published Sep 7, 2024
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code.... Moderate Unreviewed
CVE-2023-39333 was published Sep 7, 2024
A vulnerability has been identified in Node.js version 20, affecting users of the experimental... Moderate Unreviewed
CVE-2023-30582 was published Sep 7, 2024
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked... High Unreviewed
CVE-2023-46809 was published Sep 7, 2024
A vulnerability has been discovered in Node.js version 20, specifically within the experimental... High Unreviewed
CVE-2023-30584 was published Sep 7, 2024
The permission model protects itself against path traversal attacks by calling path.resolve() on... High Unreviewed
CVE-2024-21896 was published Feb 20, 2024
setuid() does not affect libuv's internal io_uring operations if initialized before the call to... High Unreviewed
CVE-2024-22017 was published Mar 19, 2024
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment... High Unreviewed
CVE-2024-22169 was published Aug 2, 2024
A vulnerability has been identified in Node.js, affecting users of the experimental permission... Low Unreviewed
CVE-2024-22018 was published Jul 10, 2024
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate... Moderate Unreviewed
CVE-2023-30588 was published Nov 28, 2023
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit... High Unreviewed
CVE-2023-39331 was published Oct 18, 2023
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount... High Unreviewed
CVE-2024-27983 was published Apr 9, 2024
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs... High Unreviewed
CVE-2024-21891 was published Feb 20, 2024
On Linux, Node.js ignores certain environment variables if those may have been set by an... High Unreviewed
CVE-2024-21892 was published Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database