GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5 advisories
pbkdf2 silently disregards Uint8Array input, returning static keys
Critical
CVE-2025-6547
was published
for
pbkdf2
(npm)
Jun 23, 2025
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Critical
CVE-2025-6545
was published
for
pbkdf2
(npm)
Jun 23, 2025
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High
CVE-2023-46234
was published
for
browserify-sign
(npm)
Oct 26, 2023
Prototype Pollution in minimist
Critical
CVE-2021-44906
was published
for
minimist
(npm)
Mar 18, 2022
OS Command injection in npm-lockfile
Critical
CVE-2022-0841
was published
for
npm-lockfile
(npm)
Mar 4, 2022
ProTip!
Advisories are also available from the
GraphQL API