Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
Denial of Service (DoS) in mongo-express Moderate
CVE-2021-23372 was published for mongo-express (npm) Oct 6, 2021
Uncaught Exception in mercurius High
CVE-2021-43801 was published for mercurius (npm) Dec 13, 2021
Uncaught Exception in engine.io High
CVE-2022-21676 was published for engine.io (npm) Jan 13, 2022
marwej
Improper Handling of `callbackUrl` parameter in next-auth High
CVE-2022-31093 was published for next-auth (npm) Jun 21, 2022
stensrud
Improper handling of CSS at-rules in lettersanitizer High
CVE-2022-31103 was published for lettersanitizer (npm) Jun 23, 2022
Unexpected server crash in Next.js Moderate
CVE-2022-36046 was published for next (npm) Aug 30, 2022
fastify vulnerable to denial of service via malicious Content-Type High
CVE-2022-39288 was published for fastify (npm) Oct 11, 2022
B-i-t-K
Insufficient validation when decoding a Socket.IO packet High
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
rafax00 darrachequesne
Feathers socket handler allows abusing implicit toString High
CVE-2023-37899 was published for @feathersjs/socketio (npm) Jul 20, 2023
CodeanIO
Electron context isolation bypass via nested unserializable return value Moderate
CVE-2023-29198 was published for electron (npm) Sep 6, 2023
MarshallOfSound nornagon
Directus is soft-locked by providing a string value to random string util High
CVE-2024-36128 was published for directus (npm) Jun 4, 2024
Zehir
socket.io has an unhandled 'error' event High
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
ProTip! Advisories are also available from the GraphQL API