Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

39 advisories

Loading
Regular Expression Denial of Service (ReDOS) Moderate
CVE-2021-29060 was published for color-string (npm) Jun 22, 2021
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
OpenZeppelin Contracts ERC165Checker unbounded gas consumption Moderate
CVE-2022-35915 was published for @openzeppelin/contracts (npm) Aug 14, 2022
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial Credited to nalandial
Allocation of Resources Without Limits or Throttling in vriteio/vrite Moderate
CVE-2023-5573 was published for @vrite/sdk (npm) Oct 13, 2023
Next.js Allows a Denial of Service (DoS) with Server Actions Moderate
CVE-2024-56332 was published for next (npm) Jan 3, 2025
gnoff Credited to gnoff, ztanner, and eps1lon ztanner ztanner
eps1lon eps1lon
Directus's S3 assets become unavailable after a burst of malformed transformations Moderate
CVE-2025-30225 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela Credited to joselcvarela
Directus's S3 assets become unavailable after a burst of HEAD requests Moderate
CVE-2025-30350 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela Credited to joselcvarela
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-733v-p3h5-qpq7 was published for @escape.tech/graphql-armor-cost-limit (npm) Apr 25, 2025
M0ngi Credited to M0ngi and EvertEt EvertEt EvertEt
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 Credited to imenyoo2 and mwlik mwlik mwlik
mcollina Credited to mcollina and illia-v illia-v illia-v
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint Moderate
CVE-2025-59472 was published for next (npm) Jan 28, 2026
cylewaitforit Credited to cylewaitforit and jesvinjames jesvinjames jesvinjames
vincentkoc Credited to vincentkoc
vincentkoc Credited to vincentkoc
Memory exhaustion in SvelteKit remote form deserialization (experimental only) Moderate
GHSA-vrhm-gvg7-fpcf was published for @sveltejs/kit (npm) Feb 19, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github
Astro has memory exhaustion DoS due to missing request body size limit in Server Actions Moderate
CVE-2026-27729 was published for @astrojs/node (npm) Feb 25, 2026
pHo9UBenaA Credited to pHo9UBenaA
OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants Moderate
GHSA-5847-rm3g-23mw was published for openclaw (npm) Mar 3, 2026
OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check Moderate
GHSA-h656-5vcf-cm23 was published for openclaw (npm) Mar 3, 2026
v8hid Credited to v8hid
OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS Moderate
CVE-2026-32011 was published for openclaw (npm) Mar 3, 2026
GCXWLP Credited to GCXWLP
jackhax Credited to jackhax, mcollina, and UlisesGascon mcollina mcollina
UlisesGascon UlisesGascon
Next.js: Unbounded postponed resume buffering can lead to DoS Moderate
CVE-2026-27979 was published for next (npm) Mar 17, 2026
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands Moderate
CVE-2026-29772 was published for @astrojs/node (npm) Mar 24, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades Moderate
CVE-2026-41399 was published for openclaw (npm) Mar 31, 2026
topsec-bunney Credited to topsec-bunney
ProTip! Advisories are also available from the GraphQL API