GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
7 advisories
ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
High
CVE-2026-8813
was published
for
exifreader
(npm)
May 29, 2026
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
High
CVE-2026-44635
was published
for
kysely
(npm)
May 11, 2026
Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Low
CVE-2026-44459
was published
for
hono
(npm)
May 9, 2026
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
Moderate
CVE-2026-33349
was published
for
fast-xml-parser
(npm)
Mar 19, 2026
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
High
CVE-2026-1528
was published
for
undici
(npm)
Mar 13, 2026
ToolJet is vulnerable to Denial of Service (DoS)
Moderate
CVE-2022-4111
was published
for
tooljet
(npm)
Nov 22, 2022
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
ProTip!
Advisories are also available from the
GraphQL API