GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
234 advisories
Filter by severity
lite-server vulnerable to Denial of Service
High
CVE-2022-25940
was published
for
lite-server
(Maven)
Dec 20, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23487
was published
for
libp2p
(npm)
Dec 7, 2022
ToolJet is vulnerable to Denial of Service (DoS)
Moderate
CVE-2022-4111
was published
for
tooljet
(npm)
Nov 22, 2022
kangax html-minifier REDoS vulnerability
High
CVE-2022-37620
was published
for
html-minifier
(npm)
Oct 31, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
NocoDB vulnerable to Denial of Service
Moderate
CVE-2022-3423
was published
for
nocodb
(npm)
Oct 7, 2022
v8n vulnerable to Inefficient Regular Expression Complexity
High
CVE-2022-35923
was published
for
v8n
(npm)
Oct 7, 2022
css-what vulnerable to ReDoS due to use of insecure regular expression
High
CVE-2022-21222
was published
for
css-what
(npm)
Oct 1, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Moderate
CVE-2022-36083
was published
for
jose
(npm)
Sep 16, 2022
node-opcua DoS when bypassing limitations for excessive memory consumption
High
CVE-2022-24375
was published
for
node-opcua
(npm)
Aug 25, 2022
Uncontrolled Resource Consumption in node-opcua
High
CVE-2022-21208
was published
for
node-opcua
(npm)
Aug 24, 2022
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Moderate
CVE-2022-35915
was published
for
@openzeppelin/contracts
(npm)
Aug 14, 2022
node-fetch Inefficient Regular Expression Complexity
Moderate
CVE-2022-2596
was published
for
node-fetch
(npm)
Aug 2, 2022
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
High
CVE-2021-35065
was published
for
glob-parent
(npm)
Jul 18, 2022
Moment.js vulnerable to Inefficient Regular Expression Complexity
High
CVE-2022-31129
was published
for
Moment.js
(npm)
Jul 6, 2022
Denial of Service (DoS) vulnerability in RSSHub
Moderate
CVE-2022-31110
was published
for
rsshub
(npm)
Jun 23, 2022
pg-native and libpq vulnerable to uncontrolled resource consumption
High
CVE-2022-25852
was published
for
libpq
(npm)
Jun 18, 2022
Uncontrolled Resource Consumption in fast-string-search
High
CVE-2022-22138
was published
for
fast-string-search
(npm)
Jun 18, 2022
Uncontrolled Resource Consumption in Hawk
High
CVE-2022-29167
was published
for
hawk
(npm)
May 23, 2022
Uncaught Exception in fastify-multipart
High
CVE-2021-23597
was published
for
fastify-multipart
(npm)
Feb 11, 2022
Regular Expression Denial of Service in Handlebars
High
CVE-2019-20922
was published
for
handlebars
(npm)
Feb 10, 2022
Regular Expression Denial of Service in djvalidator
High
CVE-2020-7779
was published
for
djvalidator
(npm)
Feb 9, 2022
ua-parser-js Regular Expression Denial of Service vulnerability
High
CVE-2020-7793
was published
for
ua-parser-js
(npm)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API