GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10 advisories
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Moderate
CVE-2022-35949
was published
for
undici
(npm)
Aug 18, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
undici before v5.8.0 vulnerable to CRLF injection in request headers
Moderate
CVE-2022-31150
was published
for
undici
(npm)
Jul 21, 2022
Smokescreen SSRF via deny list bypass (square brackets)
Moderate
CVE-2022-29188
was published
for
github.com/stripe/smokescreen
(Go)
May 24, 2022
Incorrect protocol extraction via \r, \n and \t characters
High
CVE-2022-1243
was published
for
urijs
(npm)
Apr 6, 2022
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
url-parse Incorrectly parses URLs that include an '@'
Moderate
CVE-2022-0639
was published
for
url-parse
(npm)
Feb 18, 2022
Improper Restriction of XML External Entity Reference in skylot/jadx
Moderate
CVE-2022-0219
was published
for
io.github.skylot:jadx-core
(Maven)
Jan 21, 2022
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-0086
was published
for
uppy
(npm)
Jan 6, 2022
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Moderate
CVE-2021-41273
was published
for
pterodactyl/panel
(Composer)
Nov 18, 2021
ProTip!
Advisories are also available from the
GraphQL API