Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (npm) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale
jsx-slack insufficient patch for CVE-2021-43838 ReDoS Moderate
CVE-2021-43843 was published for jsx-slack (npm) Jan 6, 2022
hieki
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki
Prototype pollution in paypal-adaptive Moderate
CVE-2020-7643 was published for paypal-adaptive (npm) Dec 10, 2021
Improper Input Validation in is-email High
CVE-2021-36716 was published for is-email (npm) Dec 10, 2021
Uncontrolled Resource Consumption in strapi Moderate
CVE-2020-8123 was published for strapi-admin (npm) Dec 10, 2021
J3rry-1729
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests High
CVE-2021-41167 was published for modern-async (npm) Oct 21, 2021
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
Regular Expression Denial of Service in millisecond Moderate
GHSA-m489-xr35-fjxr was published for millisecond (npm) Sep 22, 2021
Denial of Service in node-static Moderate
GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021
prismjs Regular Expression Denial of Service vulnerability Moderate
CVE-2021-3801 was published for prismjs (npm) Sep 20, 2021
semver-regex Regular Expression Denial of Service (ReDOS) High
CVE-2021-3795 was published for semver-regex (npm) Sep 20, 2021
Inefficient Regular Expression Complexity in vuelidate High
CVE-2021-3794 was published for @vuelidate/validators (npm) Sep 20, 2021
madcatone
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion High
CVE-2021-3777 was published for tmpl (npm) Sep 20, 2021
Uncontrolled Resource Consumption in trim-off-newlines Moderate
CVE-2021-23425 was published for trim-off-newlines (npm) Sep 2, 2021
Uncontrolled Resource Consumption in ansi-html High
CVE-2021-23424 was published for ansi-html (npm) Sep 2, 2021
Diddern
Uncontrolled Resource Consumption in transpile Moderate
CVE-2021-23429 was published for transpile (npm) Sep 2, 2021
axios Inefficient Regular Expression Complexity vulnerability High
CVE-2021-3749 was published for axios (npm) Sep 1, 2021
Unlimited transforms allowed for signed nodes Moderate
CVE-2021-39171 was published for passport-saml (npm) Aug 30, 2021
pp-ps
Regular Expression Denial of Service in path-parse Moderate
CVE-2021-23343 was published for path-parse (npm) Aug 10, 2021
Denial of Service in SheetJS Pro Moderate
CVE-2021-32012 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Denial of Service in SheetsJS Pro Moderate
CVE-2021-32013 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Denial of Service in SheetJS Pro Moderate
CVE-2021-32014 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Regular expression denial of service in react-native High
CVE-2020-1920 was published for react-native (npm) Jul 20, 2021
Resource exhaustion in socket.io-parser High
CVE-2020-36049 was published for socket.io-parser (npm) Jun 30, 2021
ProTip! Advisories are also available from the GraphQL API