GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,897
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
234 advisories
Denial of Service Vulnerability in next.js
Moderate | CVE-2022-21721 was published for next (npm) | Jan 28, 2022
Inefficient Regular Expression Complexity in marked
High | CVE-2022-21680 was published for marked (npm) | Jan 14, 2022
Uncontrolled Resource Consumption in markdown-it
Moderate | CVE-2022-21670 was published for markdown-it (npm) | Jan 12, 2022
Regular Expression Denial of Service in postcss
Moderate | CVE-2021-23382 was published for postcss (npm) | Jan 7, 2022
Uncontrolled Resource Consumption in parse-link-header
High | CVE-2021-23490 was published for parse-link-header (npm) | Jan 6, 2022
Regular expression denial of service (ReDoS) in is-my-json-valid
Moderate | CVE-2018-1107 was published for is-my-json-valid (npm) | Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in braces
Low | CVE-2018-1109 was published for braces (npm) | Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in lodash
Moderate | CVE-2020-28500 was published for lodash (npm) | Jan 6, 2022
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
Moderate | CVE-2021-43843 was published for jsx-slack (npm) | Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low | CVE-2021-43838 was published for jsx-slack (npm) | Dec 17, 2021
Prototype pollution in paypal-adaptive
Moderate | CVE-2020-7643 was published for paypal-adaptive (npm) | Dec 10, 2021
Improper Input Validation in is-email
High | CVE-2021-36716 was published for is-email (npm) | Dec 10, 2021
Uncontrolled Resource Consumption in strapi
Moderate | CVE-2020-8123 was published for strapi-admin (npm) | Dec 10, 2021
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
High | CVE-2021-41167 was published for modern-async (npm) | Oct 21, 2021
Regular Expression Denial of Service in jsoneditor
Moderate | CVE-2021-3822 was published for jsoneditor (npm) | Sep 29, 2021
Regular Expression Denial of Service in millisecond
Moderate | GHSA-m489-xr35-fjxr was published for millisecond (npm) | Sep 22, 2021
Denial of Service in node-static
Moderate | GHSA-8r4g-cg4m-x23c was published for node-static (npm) | Sep 22, 2021
prismjs Regular Expression Denial of Service vulnerability
Moderate | CVE-2021-3801 was published for prismjs (npm) | Sep 20, 2021
semver-regex Regular Expression Denial of Service (ReDOS)
High | CVE-2021-3795 was published for semver-regex (npm) | Sep 20, 2021
Inefficient Regular Expression Complexity in vuelidate
High | CVE-2021-3794 was published for @vuelidate/validators (npm) | Sep 20, 2021
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
High | CVE-2021-3777 was published for tmpl (npm) | Sep 20, 2021
Uncontrolled Resource Consumption in trim-off-newlines
Moderate | CVE-2021-23425 was published for trim-off-newlines (npm) | Sep 2, 2021
Uncontrolled Resource Consumption in ansi-html
High | CVE-2021-23424 was published for ansi-html (npm) | Sep 2, 2021
Uncontrolled Resource Consumption in transpile
Moderate | CVE-2021-23429 was published for transpile (npm) | Sep 2, 2021
ProTip! Advisories are also available from the GraphQL API.