Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

73 advisories

Loading
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
petruki tdunlap607
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
alokmenghrajani pmartinat
tdunlap607
fastify/websocket vulnerable to uncaught exception via crash on malformed packet High
CVE-2022-39386 was published for @fastify/websocket (npm) Nov 7, 2022
marcolanaro ramonsnir
tdunlap607
parse-server crashes when receiving file download request with invalid byte range High
CVE-2022-39313 was published for parse-server (npm) Oct 18, 2022
hej2010 tdunlap607
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD High
CVE-2022-31179 was published for shescape (npm) Jul 15, 2022
tdunlap607
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Open Redirect in koa-remove-trailing-slashes Moderate
CVE-2021-23384 was published for koa-remove-trailing-slashes (npm) Feb 10, 2022
tdunlap607
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607
Improper Certificate Validation in node-sass Moderate
CVE-2020-24025 was published for node-sass (npm) Feb 9, 2022
tdunlap607
Command Injection in node-windows Critical
CVE-2021-45459 was published for node-windows (npm) Jan 5, 2022
dwisiswant0 tdunlap607
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Remote command injection when using sendmail email transport Moderate
GHSA-wfrj-qqc2-83cm was published for ghost (npm) Sep 20, 2021
tdunlap607
XSS in Image Optimization API for Next.js High
CVE-2021-39178 was published for next (npm) Sep 1, 2021
tdunlap607
Cross-site scripting in TileServer GL Moderate
CVE-2020-15500 was published for tileserver-gl (npm) May 17, 2021
tdunlap607
Arbitrary Code Execution in json-ptr High
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
tdunlap607
Improper Input Validation in sanitize-html Moderate
CVE-2021-26539 was published for sanitize-html (npm) May 6, 2021
tdunlap607
DOM XSS in Theme Preview Moderate
CVE-2021-29484 was published for ghost (npm) Apr 29, 2021
tdunlap607
Prototype Pollution in asciitable.js Critical
CVE-2020-7771 was published for asciitable.js (npm) Apr 13, 2021
tdunlap607
Cross-Site Scripting in swagger-ui Moderate
GHSA-4f9m-pxwh-68hg was published for swagger-ui (npm) Sep 11, 2020
tdunlap607
Cross-Site Scripting in diagram-js Moderate
GHSA-8fw4-xh83-3j6q was published for diagram-js (npm) Sep 11, 2020
tdunlap607
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
rynop tdunlap607
ziviseal
Regular Expression Denial of Service in papaparse High
GHSA-qvjc-g5vr-mfgr was published for papaparse (npm) Sep 4, 2020
tdunlap607
Cross-Site Scripting in @hapi/boom Moderate
GHSA-2ggq-vfcp-gwhj was published for @hapi/boom (npm) Sep 4, 2020
tdunlap607
Cross-Site Scripting in react Moderate
CVE-2013-7035 was published for react (npm) Sep 4, 2020
tdunlap607
ProTip! Advisories are also available from the GraphQL API