Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads Moderate
CVE-2026-5038 was published for multer (npm) Jun 17, 2026
yuki-matsuhashi Credited to yuki-matsuhashi, HamdaanAliQuatil, fasrm, UlisesGascon, bjohansebas, 0xStraw-Hat, bhaswanthc, ByamB4, sbouabid-sec, DavidCarliez, and JebeenLee HamdaanAliQuatil HamdaanAliQuatil
fasrm fasrm UlisesGascon UlisesGascon bjohansebas bjohansebas 0xStraw-Hat 0xStraw-Hat bhaswanthc bhaswanthc ByamB4 ByamB4 sbouabid-sec sbouabid-sec DavidCarliez DavidCarliez JebeenLee JebeenLee
ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag High
CVE-2026-8813 was published for exifreader (npm) May 29, 2026
yuki-matsuhashi Credited to yuki-matsuhashi
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata Moderate
CVE-2026-8814 was published for exifreader (npm) May 29, 2026
yuki-matsuhashi Credited to yuki-matsuhashi
@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth High
CVE-2026-7768 was published for @fastify/accepts-serializer (npm) May 8, 2026
yuki-matsuhashi Credited to yuki-matsuhashi and UlisesGascon UlisesGascon UlisesGascon
@fastify/static vulnerable to path traversal in directory listing Moderate
CVE-2026-6410 was published for @fastify/static (npm) Apr 16, 2026
yuki-matsuhashi Credited to yuki-matsuhashi, mcollina, UlisesGascon, and climba03003 mcollina mcollina
UlisesGascon UlisesGascon climba03003 climba03003
Multer Vulnerable to Denial of Service via Uncontrolled Recursion High
CVE-2026-3520 was published for multer (npm) Mar 5, 2026
yuki-matsuhashi Credited to yuki-matsuhashi, ctcpip, and UlisesGascon ctcpip ctcpip
UlisesGascon UlisesGascon
ProTip! Advisories are also available from the GraphQL API