GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,177 advisories
music-metadata has an infinite loop vulnerability in ASF parser
High | CVE-2026-32256 was published for music-metadata (npm) | Mar 17, 2026

Parse Server affected by empty authData bypassing credential requirement on signup
Moderate | CVE-2026-33042 was published for parse-server (npm) | Mar 17, 2026

fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)
High | CVE-2026-33036 was published for fast-xml-parser (npm) | Mar 17, 2026

Nest Fastify HEAD Request Middleware Bypass
High | CVE-2026-33011 was published for @nestjs/platform-fastify (npm) | Mar 17, 2026

Parse Server LiveQuery subscription with invalid regular expression crashes server
Moderate | CVE-2026-32770 was published for parse-server (npm) | Mar 17, 2026

Parse Server session creation endpoint allows overwriting server-generated session fields
Moderate | CVE-2026-32742 was published for parse-server (npm) | Mar 17, 2026

Parse Server vulnerable to schema poisoning via prototype pollution in deep copy
Moderate | CVE-2026-32878 was published for parse-server (npm) | Mar 17, 2026

Parse Server's Cloud function dispatch crashes server via prototype chain traversal
High | CVE-2026-32886 was published for parse-server (npm) | Mar 17, 2026

Parse Server has a password reset token single-use bypass via concurrent requests
Low | GHSA-r3xq-68wh-gwvh was published for parse-server (npm) | Mar 17, 2026

Parse Server crash via deeply nested query condition operators
High | GHSA-9xp9-j92r-p88v was published for parse-server (npm) | Mar 17, 2026

jsPDF has HTML Injection in New Window paths
Critical | CVE-2026-31938 was published for jspdf (npm) | Mar 17, 2026

jsPDF has a PDF Object Injection via FreeText color
High | CVE-2026-31898 was published for jspdf (npm) | Mar 17, 2026

Elysia Cookie Value Prototype Pollution
Moderate | CVE-2026-31865 was published for elysia (npm) | Mar 17, 2026

Next.js: HTTP request smuggling in rewrites
Moderate | CVE-2026-29057 was published for next (npm) | Mar 17, 2026

Next.js: Unbounded next/image disk cache growth can exhaust storage
Moderate | CVE-2026-27980 was published for next (npm) | Mar 17, 2026

Next.js: Unbounded postponed resume buffering can lead to DoS
Moderate | CVE-2026-27979 was published for next (npm) | Mar 17, 2026

Next.js: null origin can bypass Server Actions CSRF checks
Moderate | CVE-2026-27978 was published for next (npm) | Mar 17, 2026

Next.js: null origin can bypass dev HMR websocket CSRF checks
Low | CVE-2026-27977 was published for next (npm) | Mar 17, 2026

mapshaper Path Traversal vulnerability
Moderate | CVE-2024-1163 was published for mapshaper (npm) | Feb 13, 2024

Angular vulnerable to XSS in i18n attribute bindings
High | CVE-2026-32635 was published for @angular/compiler (npm) | Mar 13, 2026

Parse Server's GraphQL WebSocket endpoint bypasses security middleware
Moderate | CVE-2026-32594 was published for parse-server (npm) | Mar 13, 2026

file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry
Moderate | CVE-2026-32630 was published for file-type (npm) | Mar 13, 2026

OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
High | CVE-2026-32063 was published for openclaw (npm) | Mar 3, 2026

crypto-js uses insecure random numbers
Moderate | CVE-2020-36732 was published for crypto-js (npm) | Jun 12, 2023

Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API
High | CVE-2026-30946 was published for parse-server (npm) | Mar 11, 2026

ProTip! Advisories are also available from the GraphQL API.