Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys Moderate
CVE-2021-41273 was published for pterodactyl/panel (Composer) Nov 18, 2021
Haxatron
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-0086 was published for uppy (npm) Jan 6, 2022
Haxatron
Improper Restriction of XML External Entity Reference in skylot/jadx Moderate
CVE-2022-0219 was published for io.github.skylot:jadx-core (Maven) Jan 21, 2022
Haxatron
url-parse Incorrectly parses URLs that include an '@' Moderate
CVE-2022-0639 was published for url-parse (npm) Feb 18, 2022
Haxatron
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. Moderate
CVE-2022-0691 was published for url-parse (npm) Feb 22, 2022
jhutchings1 Kenny2github
y-yagi Haxatron
Incorrect protocol extraction via \r, \n and \t characters High
CVE-2022-1243 was published for urijs (npm) Apr 6, 2022
Haxatron chrisbloom7
Smokescreen SSRF via deny list bypass (square brackets) Moderate
CVE-2022-29188 was published for github.com/stripe/smokescreen (Go) May 24, 2022
Haxatron
undici before v5.8.0 vulnerable to CRLF injection in request headers Moderate
CVE-2022-31150 was published for undici (npm) Jul 21, 2022
Haxatron
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
`undici.request` vulnerable to SSRF using absolute URL on `pathname` Moderate
CVE-2022-35949 was published for undici (npm) Aug 18, 2022
Haxatron
ProTip! Advisories are also available from the GraphQL API