GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Multer Vulnerable to Denial of Service via Uncontrolled Recursion High
CVE-2026-3520 was published for multer (npm) Mar 5, 2026
Credited to yuki-matsuhashi, ctcpip, and UlisesGascon
Multer vulnerable to Denial of Service via incomplete cleanup High
CVE-2026-3304 was published for multer (npm) Mar 1, 2026
Credited to EthanKim88, ctcpip, UlisesGascon, and bjohansebas
Multer vulnerable to Denial of Service via resource exhaustion High
CVE-2026-2359 was published for multer (npm) Mar 1, 2026
Credited to ctcpip, nawin23, UlisesGascon, sheplu, and bjohansebas
Multer vulnerable to Denial of Service via unhandled exception from malformed request High
CVE-2025-7338 was published for multer (npm) Jul 17, 2025
Credited to ctcpip, UlisesGascon, and LinusU
Multer vulnerable to Denial of Service via unhandled exception High
CVE-2025-48997 was published for multer (npm) Jun 5, 2025
Credited to bjohansebas, ctcpip, Markiz9999, UlisesGascon, wesleytodd, and LinusU
Multer vulnerable to Denial of Service from maliciously crafted requests High
CVE-2025-47944 was published for multer (npm) May 19, 2025
Credited to max-mathieu, wesleytodd, ctcpip, UlisesGascon, marco-ippolito, and jonchurch
Multer vulnerable to Denial of Service via memory leaks from unclosed streams High
CVE-2025-47935 was published for multer (npm) May 19, 2025
Credited to ctcpip, UlisesGascon, and UnlimitedBytes
path-to-regexp contains a ReDoS High
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
Credited to blakeembrey, ctcpip, goshop4eva, and dloetzke
basic-auth-connect's callback uses time unsafe string comparison High
CVE-2024-47178 was published for basic-auth-connect (npm) Sep 30, 2024
Credited to UlisesGascon, ctcpip, AdamKorcz, and blakeembrey
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
Credited to blakeembrey, ctcpip, uniabis, stbenjam, pseudoralph, mschfh, jusemon, panva, alenovik, and jaydeep-bypt
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects High
CVE-2024-43367 was published for boa_engine (Rust) Aug 14, 2024
Credited to ctcpip, arai-a, jedel1043, jasonwilliams, and nekevss