
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

234 advisories

Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
darrachequesne G-Rath
Denial of Service Vulnerability in next.js Moderate
CVE-2022-21721 was published for next (npm) Jan 28, 2022
ijjk
Inefficient Regular Expression Complexity in marked High
CVE-2022-21680 was published for marked (npm) Jan 14, 2022
makenowjust
Uncontrolled Resource Consumption in markdown-it Moderate
CVE-2022-21670 was published for markdown-it (npm) Jan 12, 2022
makenowjust
Regular Expression Denial of Service in postcss Moderate
CVE-2021-23382 was published for postcss (npm) Jan 7, 2022
DeeDeeG Towerism
Uncontrolled Resource Consumption in parse-link-header High
CVE-2021-23490 was published for parse-link-header (npm) Jan 6, 2022
Regular expression denial of service (ReDoS) in is-my-json-valid Moderate
CVE-2018-1107 was published for is-my-json-valid (npm) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in braces Low
CVE-2018-1109 was published for braces (npm) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (npm) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale
jsx-slack insufficient patch for CVE-2021-43838 ReDoS Moderate
CVE-2021-43843 was published for jsx-slack (npm) Jan 6, 2022
hieki
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki
Prototype pollution in paypal-adaptive Moderate
CVE-2020-7643 was published for paypal-adaptive (npm) Dec 10, 2021
Improper Input Validation in is-email High
CVE-2021-36716 was published for is-email (npm) Dec 10, 2021
Uncontrolled Resource Consumption in strapi Moderate
CVE-2020-8123 was published for strapi-admin (npm) Dec 10, 2021
J3rry-1729
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests High
CVE-2021-41167 was published for modern-async (npm) Oct 21, 2021
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
Regular Expression Denial of Service in millisecond Moderate
GHSA-m489-xr35-fjxr was published for millisecond (npm) Sep 22, 2021
Denial of Service in node-static Moderate
GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021
prismjs Regular Expression Denial of Service vulnerability Moderate
CVE-2021-3801 was published for prismjs (npm) Sep 20, 2021
semver-regex Regular Expression Denial of Service (ReDOS) High
CVE-2021-3795 was published for semver-regex (npm) Sep 20, 2021
Inefficient Regular Expression Complexity in vuelidate High
CVE-2021-3794 was published for @vuelidate/validators (npm) Sep 20, 2021
madcatone
Uncontrolled Resource Consumption in trim-off-newlines Moderate
CVE-2021-23425 was published for trim-off-newlines (npm) Sep 2, 2021
Uncontrolled Resource Consumption in ansi-html High
CVE-2021-23424 was published for ansi-html (npm) Sep 2, 2021
Diddern
Uncontrolled Resource Consumption in transpile Moderate
CVE-2021-23429 was published for transpile (npm) Sep 2, 2021