Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

37 advisories

Loading
Insecure Default Configuration in redbird Moderate
GHSA-8948-ffc6-jg52 was published for redbird (npm) Jun 6, 2019
Insight API transaction broadcast endpoint can result in Full Path Disclosure Moderate
CVE-2018-1000023 was published for insight-api (npm) Mar 5, 2018
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Improper Input Validation in url-js Moderate
CVE-2022-25839 was published for url-js (npm) Mar 12, 2022
Improper Input Validation in strapi Moderate
CVE-2020-13961 was published for strapi (npm) May 24, 2022
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util Moderate
CVE-2019-10806 was published for vega-util (npm) May 7, 2021
Improper Input Validation in Google Closure Library Moderate
CVE-2020-8910 was published for google-closure-library (npm) May 7, 2021
Improper beacon events in matrix-js-sdk can result in availability issues Moderate
CVE-2022-39236 was published for matrix-js-sdk (npm) Sep 29, 2022
Improper Validation and Sanitization in url-parse Moderate
CVE-2020-8124 was published for url-parse (npm) Jan 6, 2022
Hostname spoofing via backslashes in URL Moderate
CVE-2020-26291 was published for urijs (npm) Dec 30, 2020
alesandroortiz
Improper Input Validation in sanitize-html Moderate
CVE-2021-26540 was published for sanitize-html (npm) May 6, 2021
Improper Input Validation in SocksJS-Node Moderate
CVE-2020-7693 was published for sockjs (npm) Apr 13, 2021
Leading white space bypasses protocol validation Moderate
CVE-2022-24723 was published for urijs (npm) Mar 3, 2022
P0cas
Improper Input Validation in sanitize-html Moderate
CVE-2021-26539 was published for sanitize-html (npm) May 6, 2021
tdunlap607
netmask npm package mishandles octal input data Moderate
CVE-2021-29418 was published for netmask (npm) Mar 29, 2021
Sandbox Breakout / Arbitrary Code Execution in static-eval Moderate
CVE-2017-16226 was published for static-eval (npm) Aug 6, 2018
Auth0 angular-jwt misinterprets allowlist as regex Moderate
CVE-2018-11537 was published for angular-jwt (npm) May 14, 2022
Improper Input Validation in vriteio/vrite Moderate
CVE-2023-5571 was published for @vrite/sdk (npm) Oct 13, 2023
Invalid push request payload crashes Parse Server Moderate
CVE-2023-32688 was published for parse-server-push-adapter (npm) May 22, 2023
dblythy mtrezza
Improper Input Validation in nocodb Moderate
CVE-2023-5104 was published for nocodb (npm) Sep 21, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS Moderate
CVE-2023-26364 was published for @adobe/css-tools (npm) Aug 29, 2023
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
PinkDraconian
ProTip! Advisories are also available from the GraphQL API