Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26 advisories

Loading
http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass Moderate
CVE-2026-55602 was published for http-proxy-middleware (npm) Jun 18, 2026
Str1ckl4nd Credited to Str1ckl4nd, Zyy0530, 7thParkk, G-Rath, and ethantkoenig Zyy0530 Zyy0530
7thParkk 7thParkk G-Rath G-Rath ethantkoenig ethantkoenig
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases Moderate
CVE-2026-53550 was published for js-yaml (npm) Jun 15, 2026
0xbughunter Credited to 0xbughunter, soren121, mazze93, G-Rath, dargmuesli, and omgovich soren121 soren121
mazze93 mazze93 G-Rath G-Rath dargmuesli dargmuesli omgovich omgovich
ajv has ReDoS when using `$data` option Moderate
CVE-2025-69873 was published for ajv (npm) Feb 11, 2026
epoberezkin Credited to epoberezkin, G-Rath, and wayne530 G-Rath G-Rath
wayne530 wayne530
validator.js has a URL validation bypass vulnerability in its isURL function Moderate
CVE-2025-56200 was published for validator (npm) Sep 30, 2025
G-Rath Credited to G-Rath, Moumouls, and aleyipsoftwire Moumouls Moumouls
aleyipsoftwire aleyipsoftwire
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th Credited to R4356th, G-Rath, and Pomax G-Rath G-Rath
Pomax Pomax
guiyi-he Credited to guiyi-he and G-Rath G-Rath G-Rath
request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath Credited to G-Rath
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin Credited to pquentin, illia-v, and G-Rath illia-v illia-v
G-Rath G-Rath
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath Credited to G-Rath
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath Credited to G-Rath
xml2js is vulnerable to prototype pollution Moderate
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
nokarin-dev Credited to nokarin-dev, OIRNOIR, simonkrol, 026f4c881aa25897e961f1c86b5ac8_pfghub, and G-Rath OIRNOIR OIRNOIR
simonkrol simonkrol 026f4c881aa25897e961f1c86b5ac8_pfghub 026f4c881aa25897e961f1c86b5ac8_pfghub G-Rath G-Rath
Server-Side Request Forgery in Request Moderate
CVE-2023-28155 was published for @cypress/request (npm) Mar 16, 2023
NikoRaisanen Credited to NikoRaisanen and G-Rath G-Rath G-Rath
Uncaught exception in engine.io Moderate
CVE-2022-41940 was published for engine.io (npm) Nov 21, 2022
G-Rath Credited to G-Rath
Server-Side Request Forgery in dompdf/dompdf Moderate
CVE-2022-0085 was published for dompdf/dompdf (Composer) Jun 29, 2022
G-Rath Credited to G-Rath
Silverstripe Flash Clipboard Reflected XSS Moderate
CVE-2019-12205 was published for silverstripe/admin (Composer) May 24, 2022
maxime-rainville Credited to maxime-rainville and G-Rath G-Rath G-Rath
Laravel Sensitive Data Exposure Moderate
CVE-2017-14775 was published for illuminate/auth (Composer) May 17, 2022
G-Rath Credited to G-Rath
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov nitaiapiiro nitaiapiiro
DmitriyLewen DmitriyLewen jkmartindale jkmartindale G-Rath G-Rath levpachmanov levpachmanov
Open Redirect in xdLocalStorage Moderate
CVE-2020-11611 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath Credited to G-Rath
Inefficient Regular Expression Complexity in Validator.js Moderate
GHSA-xx4c-jj58-r7x6 was published for validator (npm) Nov 19, 2021
yetingli Credited to yetingli and G-Rath G-Rath G-Rath
Prototype Pollution in json-pointer Moderate
CVE-2021-23820 was published for json-pointer (npm) Nov 8, 2021
G-Rath Credited to G-Rath
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath Credited to G-Rath
Malicious package may avoid detection in python auditing Moderate
CVE-2020-5252 was published for safety (pip) Mar 24, 2020
akoumjian Credited to akoumjian and G-Rath G-Rath G-Rath
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
mitchell-codecov Credited to mitchell-codecov, G-Rath, and levpachmanov G-Rath G-Rath
levpachmanov levpachmanov
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (RubyGems) Jul 26, 2018
G-Rath Credited to G-Rath
Regular Expression Denial of Service in slug Moderate
CVE-2017-16117 was published for slug (npm) Jul 24, 2018
G-Rath Credited to G-Rath
ProTip! Advisories are also available from the GraphQL API