GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Multer vulnerable to Denial of Service via deeply nested field names
High
CVE-2026-5079
was published
for
multer
(npm)
Jun 17, 2026
markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations
Moderate
CVE-2026-48988
was published
for
markdown-it
(npm)
Jun 15, 2026
async-http-client: Cookie header not stripped on cross-origin redirect
High
CVE-2026-45300
was published
for
org.asynchttpclient:async-http-client
(Maven)
May 18, 2026
protobuf.js: Denial of service through unbounded protobuf recursion
High
CVE-2026-44289
was published
for
protobufjs
(npm)
May 12, 2026
hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR
Moderate
GHSA-458j-xx4x-4375
was published
for
hono
(npm)
Apr 16, 2026
Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)
Moderate
GHSA-vvjj-xcjg-gr5g
was published
for
nodemailer
(npm)
Apr 8, 2026
LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
Moderate
CVE-2026-39412
was published
for
liquidjs
(npm)
Apr 8, 2026
Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
High
CVE-2026-33943
was published
for
happy-dom
(npm)
Mar 26, 2026
ProTip!
Advisories are also available from the
GraphQL API