Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

Loading
Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
G-Rath
Inefficient Regular Expression Complexity in Validator.js Moderate
GHSA-xx4c-jj58-r7x6 was published for validator (npm) Nov 19, 2021
yetingli G-Rath
Regular Expression Denial of Service in slug Moderate
CVE-2017-16117 was published for slug (npm) Jul 24, 2018
G-Rath
Prototype Pollution in json-pointer Moderate
CVE-2021-23820 was published for json-pointer (npm) Nov 8, 2021
G-Rath
Improper Input Validation in xdLocalStorage High
CVE-2015-9545 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
darrachequesne G-Rath
Uncaught exception in engine.io Moderate
CVE-2022-41940 was published for engine.io (npm) Nov 21, 2022
G-Rath
Improper Input Validation in xdLocalStorage High
CVE-2015-9544 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
Open Redirect in xdLocalStorage Moderate
CVE-2020-11611 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
Regular Expression Denial of Service in clean-css Low
GHSA-wxhq-pm8v-cw75 was published for clean-css (npm) Jun 5, 2019
G-Rath
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url Critical
CVE-2022-2900 was published for parse-url (npm) Sep 15, 2022
allanlewis G-Rath
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath
Inefficient Regular Expression Complexity in chalk/ansi-regex High
CVE-2021-3807 was published for ansi-regex (npm) Sep 20, 2021
MylesBorins cji-stripe
G-Rath
decode-uri-component vulnerable to Denial of Service (DoS) High
CVE-2022-38900 was published for decode-uri-component (npm) Nov 28, 2022
G-Rath
Regular expression denial of service in scss-tokenizer High
CVE-2022-25758 was published for scss-tokenizer (npm) Jul 2, 2022
jhutchings1 G-Rath
tomas-cerney
xml2js is vulnerable to prototype pollution Moderate
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
brokenedtzjs OIRNOIR
simonkrol Harrington-Joe_pfghub G-Rath
Server-Side Request Forgery in Request Moderate
CVE-2023-28155 was published for @cypress/request (npm) Mar 16, 2023
NikoRaisanen G-Rath
Regular Expression Denial of Service in debug Low
CVE-2017-16137 was published for debug (npm) Aug 9, 2018
G-Rath SamHutchins-Sage
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban G-Rath
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
G-Rath levpachmanov
dotboris iFreilicht
Express Open Redirect vulnerability Low
CVE-2024-9266 was published for express (npm) Oct 3, 2024
m3t3kh4n G-Rath
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm G-Rath
semver vulnerable to Regular Expression Denial of Service High
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
mrgrain G-Rath
ProTip! Advisories are also available from the GraphQL API