GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
226 advisories
Filter by severity
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2020-28500
was published
for
lodash
(npm)
Jan 6, 2022
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
Moderate
CVE-2021-43843
was published
for
jsx-slack
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low
CVE-2021-43838
was published
for
jsx-slack
(npm)
Dec 17, 2021
Prototype pollution in paypal-adaptive
Moderate
CVE-2020-7643
was published
for
paypal-adaptive
(npm)
Dec 10, 2021
Improper Input Validation in is-email
High
CVE-2021-36716
was published
for
is-email
(npm)
Dec 10, 2021
Uncontrolled Resource Consumption in strapi
Moderate
CVE-2020-8123
was published
for
strapi-admin
(npm)
Dec 10, 2021
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
High
CVE-2021-41167
was published
for
modern-async
(npm)
Oct 21, 2021
Regular Expression Denial of Service in jsoneditor
Moderate
CVE-2021-3822
was published
for
jsoneditor
(npm)
Sep 29, 2021
Regular Expression Denial of Service in millisecond
Moderate
GHSA-m489-xr35-fjxr
was published
for
millisecond
(npm)
Sep 22, 2021
Denial of Service in node-static
Moderate
GHSA-8r4g-cg4m-x23c
was published
for
node-static
(npm)
Sep 22, 2021
prismjs Regular Expression Denial of Service vulnerability
Moderate
CVE-2021-3801
was published
for
prismjs
(npm)
Sep 20, 2021
semver-regex Regular Expression Denial of Service (ReDOS)
High
CVE-2021-3795
was published
for
semver-regex
(npm)
Sep 20, 2021
Inefficient Regular Expression Complexity in vuelidate
High
CVE-2021-3794
was published
for
@vuelidate/validators
(npm)
Sep 20, 2021
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
High
CVE-2021-3777
was published
for
tmpl
(npm)
Sep 20, 2021
Uncontrolled Resource Consumption in trim-off-newlines
Moderate
CVE-2021-23425
was published
for
trim-off-newlines
(npm)
Sep 2, 2021
Uncontrolled Resource Consumption in ansi-html
High
CVE-2021-23424
was published
for
ansi-html
(npm)
Sep 2, 2021
Uncontrolled Resource Consumption in transpile
Moderate
CVE-2021-23429
was published
for
transpile
(npm)
Sep 2, 2021
axios Inefficient Regular Expression Complexity vulnerability
High
CVE-2021-3749
was published
for
axios
(npm)
Sep 1, 2021
Unlimited transforms allowed for signed nodes
Moderate
CVE-2021-39171
was published
for
passport-saml
(npm)
Aug 30, 2021
Regular Expression Denial of Service in path-parse
Moderate
CVE-2021-23343
was published
for
path-parse
(npm)
Aug 10, 2021
Denial of Service in SheetJS Pro
Moderate
CVE-2021-32012
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Denial of Service in SheetsJS Pro
Moderate
CVE-2021-32013
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Denial of Service in SheetJS Pro
Moderate
CVE-2021-32014
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Regular expression denial of service in react-native
High
CVE-2020-1920
was published
for
react-native
(npm)
Jul 20, 2021
Resource exhaustion in socket.io-parser
High
CVE-2020-36049
was published
for
socket.io-parser
(npm)
Jun 30, 2021
ProTip!
Advisories are also available from the
GraphQL API