GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
Moderate
CVE-2026-8723
was published
for
qs
(npm)
May 22, 2026
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Moderate
CVE-2025-13465
was published
for
lodash
(npm)
Jan 21, 2026
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
Moderate
CVE-2025-15284
was published
for
qs
(npm)
Dec 30, 2025
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
url-parse Incorrectly parses URLs that include an '@'
Moderate
CVE-2022-0639
was published
for
url-parse
(npm)
Feb 18, 2022
Authorization bypass in url-parse
Moderate
CVE-2022-0512
was published
for
url-parse
(npm)
Feb 15, 2022
Improper Validation and Sanitization in url-parse
Moderate
CVE-2020-8124
was published
for
url-parse
(npm)
Jan 6, 2022
Cross-Site Scripting in backbone
Moderate
CVE-2016-10537
was published
for
backbone
(npm)
Feb 18, 2019
ProTip!
Advisories are also available from the
GraphQL API