Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,040
Maven
5,000+
npm
4,781
NuGet
825
pip
4,382
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
Withdrawn Advisory: express improperly controls modification of query properties Low
CVE-2024-51999 was published for express (npm) Dec 1, 2025 withdrawn
ctcpip Credited to ctcpip, wesleytodd, jonchurch, bjohansebas, and UlisesGascon wesleytodd wesleytodd
jonchurch jonchurch bjohansebas bjohansebas UlisesGascon UlisesGascon
Multer vulnerable to Denial of Service via unhandled exception High
CVE-2025-48997 was published for multer (npm) Jun 5, 2025
bjohansebas Credited to bjohansebas, ctcpip, Markiz9999, UlisesGascon, wesleytodd, and LinusU ctcpip ctcpip
Markiz9999 Markiz9999 UlisesGascon UlisesGascon wesleytodd wesleytodd LinusU LinusU
Multer vulnerable to Denial of Service from maliciously crafted requests High
CVE-2025-47944 was published for multer (npm) May 19, 2025
max-mathieu Credited to max-mathieu, wesleytodd, ctcpip, UlisesGascon, marco-ippolito, and jonchurch wesleytodd wesleytodd
ctcpip ctcpip UlisesGascon UlisesGascon marco-ippolito marco-ippolito jonchurch jonchurch
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
Express.js Open Redirect in malformed URLs Moderate
CVE-2024-29041 was published for express (npm) Mar 25, 2024
FDrag0n Credited to FDrag0n, jonchurch, blakeembrey, wesleytodd, ruddermann, ctcpip, and UlisesGascon jonchurch jonchurch
blakeembrey blakeembrey wesleytodd wesleytodd ruddermann ruddermann ctcpip ctcpip UlisesGascon UlisesGascon
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database