GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
573 advisories
Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value
Moderate
CVE-2026-34595
was published
for
parse-server
(npm)
Apr 1, 2026
Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
High
CVE-2026-33940
was published
for
handlebars
(npm)
Mar 27, 2026
Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
High
CVE-2026-33938
was published
for
handlebars
(npm)
Mar 27, 2026
Handlebars.js has JavaScript Injection via AST Type Confusion
Critical
CVE-2026-33937
was published
for
handlebars
(npm)
Mar 27, 2026
tar-rs incorrectly ignores PAX size headers if header size is nonzero
Moderate
CVE-2026-33055
was published
for
tar
(Rust)
Mar 20, 2026
Qwik City has array method pollution in FormData processing allows type confusion and DoS
High
CVE-2026-32701
was published
for
@builder.io/qwik-city
(npm)
Mar 20, 2026
CPU exhaustion in SvelteKit remote form deserialization (experimental only)
Moderate
GHSA-88qp-p4qg-rqm6
was published
for
@sveltejs/kit
(npm)
Feb 19, 2026
ProTip!
Advisories are also available from the
GraphQL API