Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,177 advisories

Loading
music-metadata has an infinite loop vulnerability in ASF parser High
CVE-2026-32256 was published for music-metadata (npm) Mar 17, 2026
ByamB4 Credited to ByamB4
Parse Server affected by empty authData bypassing credential requirement on signup Moderate
CVE-2026-33042 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
deprrous Credited to deprrous
Nest Fastify HEAD Request Middleware Bypass High
CVE-2026-33011 was published for @nestjs/platform-fastify (npm) Mar 17, 2026
kamilmysliwiec Credited to kamilmysliwiec
Parse Server LiveQuery subscription with invalid regular expression crashes server Moderate
CVE-2026-32770 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server session creation endpoint allows overwriting server-generated session fields Moderate
CVE-2026-32742 was published for parse-server (npm) Mar 17, 2026
mtrezza Credited to mtrezza
Parse Server vulnerable to schema poisoning via prototype pollution in deep copy Moderate
CVE-2026-32878 was published for parse-server (npm) Mar 17, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server's Cloud function dispatch crashes server via prototype chain traversal High
CVE-2026-32886 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server has a password reset token single-use bypass via concurrent requests Low
GHSA-r3xq-68wh-gwvh was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server crash via deeply nested query condition operators High
GHSA-9xp9-j92r-p88v was published for parse-server (npm) Mar 17, 2026
mtrezza Credited to mtrezza
jsPDF has HTML Injection in New Window paths Critical
CVE-2026-31938 was published for jspdf (npm) Mar 17, 2026
sofianeelhor Credited to sofianeelhor and peaktwilight peaktwilight peaktwilight
jsPDF has a PDF Object Injection via FreeText color High
CVE-2026-31898 was published for jspdf (npm) Mar 17, 2026
sofianeelhor Credited to sofianeelhor and peaktwilight peaktwilight peaktwilight
Elysia Cookie Value Prototype Pollution Moderate
CVE-2026-31865 was published for elysia (npm) Mar 17, 2026
Next.js: HTTP request smuggling in rewrites Moderate
CVE-2026-29057 was published for next (npm) Mar 17, 2026
Next.js: Unbounded next/image disk cache growth can exhaust storage Moderate
CVE-2026-27980 was published for next (npm) Mar 17, 2026
Next.js: Unbounded postponed resume buffering can lead to DoS Moderate
CVE-2026-27979 was published for next (npm) Mar 17, 2026
Next.js: null origin can bypass Server Actions CSRF checks Moderate
CVE-2026-27978 was published for next (npm) Mar 17, 2026
Next.js: null origin can bypass dev HMR websocket CSRF checks Low
CVE-2026-27977 was published for next (npm) Mar 17, 2026
radu33 Credited to radu33 and xdavidhu xdavidhu xdavidhu
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali Credited to JafarAkhondali
Angular vulnerable to XSS in i18n attribute bindings High
CVE-2026-32635 was published for @angular/compiler (npm) Mar 13, 2026
alan-agius4 Credited to alan-agius4, AndrewKushnir, securityMB, josephperrott, crisbeto, and hdtmccallie AndrewKushnir AndrewKushnir
securityMB securityMB josephperrott josephperrott crisbeto crisbeto hdtmccallie hdtmccallie
Parse Server's GraphQL WebSocket endpoint bypasses security middleware Moderate
CVE-2026-32594 was published for parse-server (npm) Mar 13, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry Moderate
CVE-2026-32630 was published for file-type (npm) Mar 13, 2026
ByamB4 Credited to ByamB4
tdjackey Credited to tdjackey
crypto-js uses insecure random numbers Moderate
CVE-2020-36732 was published for crypto-js (npm) Jun 12, 2023
Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API High
CVE-2026-30946 was published for parse-server (npm) Mar 11, 2026
mtrezza Credited to mtrezza
ProTip! Advisories are also available from the GraphQL API