Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

Loading
webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies Moderate
CVE-2026-9595 was published for webpack-dev-server (npm) Jun 17, 2026
bjohansebas Credited to bjohansebas and UlisesGascon UlisesGascon UlisesGascon
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads Moderate
CVE-2026-5038 was published for multer (npm) Jun 17, 2026
yuki-matsuhashi Credited to yuki-matsuhashi, HamdaanAliQuatil, fasrm, UlisesGascon, bjohansebas, 0xStraw-Hat, bhaswanthc, ByamB4, sbouabid-sec, DavidCarliez, and JebeenLee HamdaanAliQuatil HamdaanAliQuatil
fasrm fasrm UlisesGascon UlisesGascon bjohansebas bjohansebas 0xStraw-Hat 0xStraw-Hat bhaswanthc bhaswanthc ByamB4 ByamB4 sbouabid-sec sbouabid-sec DavidCarliez DavidCarliez JebeenLee JebeenLee
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins Moderate
CVE-2026-6402 was published for webpack-dev-server (npm) May 18, 2026
sapphi-red Credited to sapphi-red, UlisesGascon, bjohansebas, and alexander-akait UlisesGascon UlisesGascon
bjohansebas bjohansebas alexander-akait alexander-akait
body-parser is vulnerable to denial of service when url encoding is used Moderate
CVE-2025-13466 was published for body-parser (npm) Nov 25, 2025
Phillip9587 Credited to Phillip9587, bjohansebas, UlisesGascon, ctcpip, sheplu, and jonchurch bjohansebas bjohansebas
UlisesGascon UlisesGascon ctcpip ctcpip sheplu sheplu jonchurch jonchurch
ProTip! Advisories are also available from the GraphQL API