GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
6 advisories
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
Moderate
CVE-2026-5038
was published
for
multer
(npm)
Jun 17, 2026
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
Moderate
CVE-2026-45740
was published
for
protobufjs
(npm)
May 19, 2026
vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
Moderate
CVE-2026-44000
was published
for
vm2
(npm)
May 7, 2026
fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification
Moderate
CVE-2026-35041
was published
for
fast-jwt
(npm)
Apr 9, 2026
fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
Moderate
CVE-2026-35040
was published
for
fast-jwt
(npm)
Apr 9, 2026
fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
Critical
CVE-2026-35039
was published
for
fast-jwt
(npm)
Apr 3, 2026
ProTip!
Advisories are also available from the
GraphQL API