Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Denial of Service (DoS) via the unsetByPath function in jsjoints High
CVE-2020-28479 was published for jointjs (npm) Apr 13, 2021
Prototype Pollution in asciitable.js Critical
CVE-2020-7771 was published for asciitable.js (npm) Apr 13, 2021
tdunlap607
Uncontrolled Resource Consumption in rdf-graph-array Moderate
CVE-2019-10798 was published for rdf-graph-array (npm) Apr 13, 2021
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
Prototype Pollution in decal High
CVE-2020-28449 was published for decal (npm) Apr 13, 2021
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect Moderate
CVE-2020-28501 was published for es6-crawler-detect (npm) Apr 13, 2021
Denial of Service in get-ip-range High
CVE-2021-27191 was published for get-ip-range (npm) Apr 13, 2021
Regular expression Denial of Service in multiple packages Moderate
CVE-2021-21391 was published for @ckeditor/ckeditor5-engine (npm) Apr 6, 2021
Regular Expression Denial of Service (ReDoS) High
CVE-2021-28092 was published for is-svg (npm) Mar 19, 2021
Regular Expression Denial of Service (ReDoS) High
CVE-2021-27290 was published for ssri (npm) Mar 19, 2021
printf vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-23354 was published for printf (npm) Mar 19, 2021
Regular Expression Denial-of-Service in npm schema-inspector High
CVE-2021-21267 was published for schema-inspector (npm) Mar 19, 2021
erik-krogh
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) Moderate
CVE-2021-23346 was published for html-parse-stringify (npm) Mar 18, 2021
jspdf vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-23353 was published for jspdf (npm) Mar 12, 2021
Regular expression Denial of Service in @progfay/scrapbox-parser Moderate
CVE-2021-27405 was published for @progfay/scrapbox-parser (npm) Mar 1, 2021
progfay
Denial of service in three High
CVE-2020-28496 was published for three (npm) Mar 1, 2021
Denial of service in prismjs High
CVE-2021-23341 was published for prismjs (npm) Mar 1, 2021
Regular Expression Denial of Service (REDoS) in Marked Moderate
CVE-2021-21306 was published for marked (npm) Feb 8, 2021
Xegyn calculuschild
Prototype pollution in total.js High
CVE-2020-28495 was published for total.js (npm) Feb 5, 2021
Prototype pollution in dotty Critical
CVE-2021-25912 was published for dotty (npm) Feb 5, 2021
Denial of Service in uap-core High
CVE-2021-21317 was published for uap-core (npm) Feb 2, 2021
Prototype pollution in nested-object-assign High
CVE-2021-23329 was published for nested-object-assign (npm) Feb 1, 2021
CKEditor 5 Markdown plugin Regular expression Denial of Service Moderate
CVE-2021-21254 was published for @ckeditor/ckeditor5-markdown-gfm (npm) Jan 29, 2021
Prototype pollution in gsap High
CVE-2020-28478 was published for gsap (npm) Jan 20, 2021
Prototype pollution in JointJS High
CVE-2020-28480 was published for jointjs (npm) Jan 20, 2021
ProTip! Advisories are also available from the GraphQL API