GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
226 advisories
css-what vulnerable to ReDoS due to use of insecure regular expression (High)
CVE-2022-21222 was published for css-what (npm) on Oct 1, 2022

JOSE vulnerable to resource exhaustion via specifically crafted JWE (Moderate)
CVE-2022-36083 was published for jose (npm) on Sep 16, 2022

node-opcua DoS when bypassing limitations for excessive memory consumption (High)
CVE-2022-24375 was published for node-opcua (npm) on Aug 25, 2022

Uncontrolled Resource Consumption in node-opcua (High)
CVE-2022-21208 was published for node-opcua (npm) on Aug 24, 2022

OpenZeppelin Contracts ERC165Checker unbounded gas consumption (Moderate)
CVE-2022-35915 was published for @openzeppelin/contracts (npm) on Aug 14, 2022

node-fetch Inefficient Regular Expression Complexity (Moderate)
CVE-2022-2596 was published for node-fetch (npm) on Aug 2, 2022

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service (High)
CVE-2021-35065 was published for glob-parent (npm) on Jul 18, 2022

Moment.js vulnerable to Inefficient Regular Expression Complexity (High)
CVE-2022-31129 was published for Moment.js (npm) on Jul 6, 2022

Denial of Service (DoS) vulnerability in RSSHub (Moderate)
CVE-2022-31110 was published for rsshub (npm) on Jun 23, 2022

Uncontrolled Resource Consumption in fast-string-search (High)
CVE-2022-22138 was published for fast-string-search (npm) on Jun 18, 2022

pg-native and libpq vulnerable to uncontrolled resource consumption (High)
CVE-2022-25852 was published for libpq (npm) on Jun 18, 2022

Uncontrolled Resource Consumption in Hawk (High)
CVE-2022-29167 was published for hawk (npm) on May 23, 2022

Uncaught Exception in fastify-multipart (High)
CVE-2021-23597 was published for fastify-multipart (npm) on Feb 11, 2022

Regular Expression Denial of Service in Handlebars (High)
CVE-2019-20922 was published for handlebars (npm) on Feb 10, 2022

Regular Expression Denial of Service in djvalidator (High)
CVE-2020-7779 was published for djvalidator (npm) on Feb 9, 2022

ua-parser-js Regular Expression Denial of Service vulnerability (High)
CVE-2020-7793 was published for ua-parser-js (npm) on Feb 9, 2022

Denial of Service Vulnerability in next.js (Moderate)
CVE-2022-21721 was published for next (npm) on Jan 28, 2022

Inefficient Regular Expression Complexity in marked (High)
CVE-2022-21680 was published for marked (npm) on Jan 14, 2022

Uncontrolled Resource Consumption in markdown-it (Moderate)
CVE-2022-21670 was published for markdown-it (npm) on Jan 12, 2022

Regular Expression Denial of Service in postcss (Moderate)
CVE-2021-23382 was published for postcss (npm) on Jan 7, 2022

Uncontrolled Resource Consumption in parse-link-header (High)
CVE-2021-23490 was published for parse-link-header (npm) on Jan 6, 2022

Regular expression denial of service (ReDoS) in is-my-json-valid (Moderate)
CVE-2018-1107 was published for is-my-json-valid (npm) on Jan 6, 2022

Regular Expression Denial of Service (ReDoS) in braces (Low)
CVE-2018-1109 was published for braces (npm) on Jan 6, 2022

ProTip! Advisories are also available from the GraphQL API.