Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

148 advisories

Loading
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
minimatch ReDoS vulnerability High
CVE-2022-3517 was published for minimatch (npm) Oct 18, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban G-Rath
v8n vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-35923 was published for v8n (npm) Oct 7, 2022
vovikhangcdv
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
d3-color vulnerable to ReDoS High
GHSA-36jr-mh4h-2g58 was published for d3-color (npm) Sep 29, 2022
node-opcua DoS when bypassing limitations for excessive memory consumption High
CVE-2022-24375 was published for node-opcua (npm) Aug 25, 2022
Uncontrolled Resource Consumption in node-opcua High
CVE-2022-21208 was published for node-opcua (npm) Aug 24, 2022
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service High
CVE-2021-35065 was published for glob-parent (npm) Jul 18, 2022
cowsrule wejendorp
wwuck paulmillr BGehrels
Moment.js vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-31129 was published for Moment.js (npm) Jul 6, 2022
vovikhangcdv
pg-native and libpq vulnerable to uncontrolled resource consumption High
CVE-2022-25852 was published for libpq (npm) Jun 18, 2022
joshbressers
Uncontrolled Resource Consumption in fast-string-search High
CVE-2022-22138 was published for fast-string-search (npm) Jun 18, 2022
Uncontrolled Resource Consumption in Hawk High
CVE-2022-29167 was published for hawk (npm) May 23, 2022
Uncaught Exception in fastify-multipart High
CVE-2021-23597 was published for fastify-multipart (npm) Feb 11, 2022
dellalibera
Regular Expression Denial of Service in Handlebars High
CVE-2019-20922 was published for handlebars (npm) Feb 10, 2022
Regular Expression Denial of Service in djvalidator High
CVE-2020-7779 was published for djvalidator (npm) Feb 9, 2022
ua-parser-js Regular Expression Denial of Service vulnerability High
CVE-2020-7793 was published for ua-parser-js (npm) Feb 9, 2022
Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
darrachequesne G-Rath
decsecre583
Inefficient Regular Expression Complexity in marked High
CVE-2022-21680 was published for marked (npm) Jan 14, 2022
makenowjust
Uncontrolled Resource Consumption in parse-link-header High
CVE-2021-23490 was published for parse-link-header (npm) Jan 6, 2022
Improper Input Validation in is-email High
CVE-2021-36716 was published for is-email (npm) Dec 10, 2021
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests High
CVE-2021-41167 was published for modern-async (npm) Oct 21, 2021
semver-regex Regular Expression Denial of Service (ReDOS) High
CVE-2021-3795 was published for semver-regex (npm) Sep 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database