GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-30608 was published for sqlparse (pip) Apr 21, 2023
erik-krogh
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method High
CVE-2022-31147 was published for jquery-validation (npm) Jul 5, 2022
erik-krogh bytestream mthreer
DOM-based cross-site scripting in Froala Editor Moderate
CVE-2019-19935 was published for froala-editor (npm) Feb 10, 2022
erik-krogh
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button High
CVE-2021-43785 was published for @joeattardi/emoji-button (npm) Dec 1, 2021
erik-krogh agustingianni
Clipboard-based XSS High
CVE-2021-41086 was published for jsuites (npm) Sep 22, 2021
intrigus-lgtm bananabr erik-krogh
CWE-730 Regex injection with IFTTT Plugin High
CVE-2021-39229 was published for apprise (pip) Sep 20, 2021
kevinbackhouse erik-krogh
Regular Expression Denial of Service in flask-restx High
CVE-2021-32838 was published for flask-restx (pip) Sep 8, 2021
erik-krogh yoff
Passing in a non-string 'html' argument can lead to unsanitized output Moderate
CVE-2021-32696 was published for striptags (npm) Jun 18, 2021
erik-krogh
Node-Redis potential exponential regex in monitor mode High
CVE-2021-29469 was published for redis (npm) Apr 27, 2021
erik-krogh
Command injection vulnerability in @prisma/sdk in getPackedPackage function High
CVE-2021-21414 was published for @prisma/sdk (npm) Apr 6, 2021
erik-krogh
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values Moderate
CVE-2021-21412 was published for @thi.ng/egf (npm) Apr 6, 2021
erik-krogh
Regular Expression Denial-of-Service in npm schema-inspector High
CVE-2021-21267 was published for schema-inspector (npm) Mar 19, 2021
erik-krogh
Regular Expression Denial of Service in jquery-validation High
CVE-2021-21252 was published for jQuery.Validation (npm) Jan 13, 2021
erik-krogh pwntester
ReDOS vulnerabilities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh kurt-r2c
Materialize-css vulnerable to Cross-site Scripting in autocomplete component Moderate
CVE-2019-11003 was published for @materializecss/materialize (npm) Apr 9, 2019
erik-krogh