GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
226 advisories
Filter by severity
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
CVE-2024-28863
was published
for
node-tar
(npm)
Mar 22, 2024
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
Moderate
CVE-2024-28176
was published
for
jose
(npm)
Mar 7, 2024
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
Sentry's Astro SDK vulnerable to ReDoS
High
CVE-2023-50249
was published
for
@sentry/astro
(npm)
Dec 18, 2023
DOS by abusing `fetchOptions.retry`.
High
CVE-2023-49800
was published
for
nuxt-api-party
(npm)
Dec 11, 2023
Chaijs/get-func-name vulnerable to ReDoS
High
CVE-2023-43646
was published
for
get-func-name
(npm)
Sep 27, 2023
graphql Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-26144
was published
for
graphql
(npm)
Sep 20, 2023
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
is_js vulnerable to Regular Expression Denial of Service
High
CVE-2020-26302
was published
for
is_js
(npm)
Jul 6, 2023
Directus API vulnerable to denial of service
Moderate
CVE-2020-19850
was published
for
directus
(npm)
Apr 4, 2023
Denial of Service vulnerability in lite-web-server
High
CVE-2023-26104
was published
for
lite-web-server
(npm)
Feb 25, 2023
Denial of service due to unlimited number of parts
High
CVE-2023-25576
was published
for
@fastify/multipart
(npm)
Feb 14, 2023
Switcher Client contains Regular Expression Denial of Service (ReDoS)
High
CVE-2023-23925
was published
for
switcher-client
(npm)
Feb 2, 2023
ReDoS Vulnerability in ua-parser-js version
High
CVE-2022-25927
was published
for
ua-parser-js
(npm)
Jan 24, 2023
MooTools Regular Expression Denial of Service
High
CVE-2021-32821
was published
for
mootools
(npm)
Jan 3, 2023
lite-server vulnerable to Denial of Service
High
CVE-2022-25940
was published
for
lite-server
(Maven)
Dec 20, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23487
was published
for
libp2p
(npm)
Dec 7, 2022
ToolJet is vulnerable to Denial of Service (DoS)
Moderate
CVE-2022-4111
was published
for
tooljet
(npm)
Nov 22, 2022
kangax html-minifier REDoS vulnerability
High
CVE-2022-37620
was published
for
html-minifier
(npm)
Oct 31, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
NocoDB vulnerable to Denial of Service
Moderate
CVE-2022-3423
was published
for
nocodb
(npm)
Oct 7, 2022
v8n vulnerable to Inefficient Regular Expression Complexity
High
CVE-2022-35923
was published
for
v8n
(npm)
Oct 7, 2022
ProTip!
Advisories are also available from the
GraphQL API