Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
Haraka affected by DoS via `__proto__` email header High
CVE-2026-34752 was published for Haraka (npm) Apr 1, 2026
sebastianosrt Credited to sebastianosrt and msimerson msimerson msimerson
Parse Server LiveQuery subscription with invalid regular expression crashes server Moderate
CVE-2026-32770 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation High
CVE-2026-2229 was published for undici (npm) Mar 13, 2026
aisle-research Credited to aisle-research, mcollina, and UlisesGascon mcollina mcollina
UlisesGascon UlisesGascon
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client High
CVE-2026-1528 was published for undici (npm) Mar 13, 2026
mcollina Credited to mcollina and UlisesGascon UlisesGascon UlisesGascon
fast-xml-parser has RangeError DoS Numeric Entities Bug High
CVE-2026-25128 was published for fast-xml-parser (npm) Jan 30, 2026
mistersiddd Credited to mistersiddd
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering High
CVE-2025-67647 was published for @sveltejs/adapter-node (npm) Jan 15, 2026
cold-try Credited to cold-try, teemingc, benmccann, and d-xuan teemingc teemingc
benmccann benmccann d-xuan d-xuan
Denial of Service in node-static Moderate
GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds Credited to asareynolds
Multer vulnerable to Denial of Service via unhandled exception from malformed request High
CVE-2025-7338 was published for multer (npm) Jul 17, 2025
ctcpip Credited to ctcpip, UlisesGascon, and LinusU UlisesGascon UlisesGascon
LinusU LinusU
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer Credited to finalgamer
Multer vulnerable to Denial of Service via unhandled exception High
CVE-2025-48997 was published for multer (npm) Jun 5, 2025
bjohansebas Credited to bjohansebas, ctcpip, Markiz9999, UlisesGascon, wesleytodd, and LinusU ctcpip ctcpip
Markiz9999 Markiz9999 UlisesGascon UlisesGascon wesleytodd wesleytodd LinusU LinusU
Multer vulnerable to Denial of Service from maliciously crafted requests High
CVE-2025-47944 was published for multer (npm) May 19, 2025
max-mathieu Credited to max-mathieu, wesleytodd, ctcpip, UlisesGascon, marco-ippolito, and jonchurch wesleytodd wesleytodd
ctcpip ctcpip UlisesGascon UlisesGascon marco-ippolito marco-ippolito jonchurch jonchurch
tRPC 11 WebSocket DoS Vulnerability High
CVE-2025-43855 was published for @trpc/server (npm) Apr 24, 2025
lukechilds Credited to lukechilds
engine.io Uncaught Exception vulnerability Moderate
CVE-2023-31125 was published for engine.io (npm) May 3, 2023
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling Moderate
CVE-2024-31217 was published for @strapi/plugin-upload (npm) Jun 12, 2024
CxDavidepaalte Credited to CxDavidepaalte, derrickmehaffy, Marc-Roig, and alexandrebodin derrickmehaffy derrickmehaffy
Marc-Roig Marc-Roig alexandrebodin alexandrebodin
Uncaught Exception in yaml High
CVE-2023-2251 was published for yaml (npm) Apr 24, 2023
chadlwilson Credited to chadlwilson, pmartinat, and mrgrain pmartinat pmartinat
mrgrain mrgrain
DoS vulnerability for apps with sockets enabled High
CVE-2023-38504 was published for sails (npm) Jul 27, 2023
ThomasRinsma Credited to ThomasRinsma, DominusKelvin, and eashaw DominusKelvin DominusKelvin
eashaw eashaw
Crash in HeaderParser in dicer High
CVE-2022-24434 was published for dicer (Maven) May 21, 2022
dloetzke Credited to dloetzke
Denial of Service in sequelize Moderate
GHSA-fw4p-36j9-rrj3 was published for sequelize (npm) Sep 3, 2020
fastify/websocket vulnerable to uncaught exception via crash on malformed packet High
CVE-2022-39386 was published for @fastify/websocket (npm) Nov 7, 2022
marcolanaro Credited to marcolanaro, ramonsnir, and tdunlap607 ramonsnir ramonsnir
tdunlap607 tdunlap607
mercurius has Uncaught Exception when using subscriptions Moderate
CVE-2023-22477 was published for mercurius (npm) Jan 9, 2023
marcolanaro Credited to marcolanaro
DOS and Open Redirect with user input High
CVE-2021-22964 was published for fastify-static (npm) Oct 12, 2021
Uncaught exception in engine.io Moderate
CVE-2022-41940 was published for engine.io (npm) Nov 21, 2022
G-Rath Credited to G-Rath
Uncaught Exception in bignum High
CVE-2022-25324 was published for bignum (npm) May 7, 2022
Denial-of-Service when binding invalid parameters in sqlite3 High
CVE-2022-21227 was published for sqlite3 (npm) Apr 28, 2022
cristianstaicu Credited to cristianstaicu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database