GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
@fastify/static vulnerable to route guard bypass via encoded path separators
Moderate
CVE-2026-6414
was published
for
@fastify/static
(npm)
Apr 16, 2026
Hono: Middleware bypass via repeated slashes in serveStatic
Moderate
CVE-2026-39407
was published
for
hono
(npm)
Apr 8, 2026
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Moderate
CVE-2026-4923
was published
for
path-to-regexp
(npm)
Mar 27, 2026
path-to-regexp vulnerable to Denial of Service via sequential optional groups
High
CVE-2026-4926
was published
for
path-to-regexp
(npm)
Mar 27, 2026
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
High
CVE-2026-4867
was published
for
path-to-regexp
(npm)
Mar 27, 2026
path-to-regexp contains a ReDoS
High
CVE-2024-52798
was published
for
path-to-regexp
(npm)
Dec 5, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
Express.js Open Redirect in malformed URLs
Moderate
CVE-2024-29041
was published
for
express
(npm)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API