Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,223 advisories

Loading
DoS due to excessively large websocket message in ws High
CVE-2016-10542 was published for ws (npm) Feb 18, 2019
Regular Expression Denial of Service in riot-compiler High
CVE-2016-10527 was published for riot-compiler (npm) Feb 18, 2019
Denial of Service and Content Injection in i18n-node-angular High
CVE-2016-10524 was published for i18n-node-angular (npm) Feb 18, 2019
Regular Expression Denial of Service in jshamcrest High
CVE-2016-10521 was published for jshamcrest (npm) Feb 18, 2019
Denial of Service in mqtt-packet High
CVE-2016-10523 was published for mqtt-packet (npm) Feb 18, 2019
Prototype Pollution in mpath High
CVE-2018-16490 was published for mpath (npm) Feb 7, 2019
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (npm) Feb 7, 2019
PyKMIP Denial of service vulnerability High
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
Rack vulnerable to Denial of Service High
CVE-2018-16470 was published for rack (RubyGems) Nov 15, 2018
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields High
CVE-2018-18853 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Uncontrolled Resource Consumption in spray-json High
CVE-2018-18854 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Prototype Pollution in cached-path-relative High
CVE-2018-16472 was published for cached-path-relative (npm) Nov 7, 2018
Prototype Pollution in merge High
CVE-2018-16469 was published for merge (npm) Nov 1, 2018
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 High
CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption High
CVE-2017-15701 was published for org.apache.qpid:qpid-broker (Maven) Oct 19, 2018
Keycloak vulnerable to uncontrolled resource consumption High
CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Denial of Service via malformed accept-encoding header in hapi High
CVE-2017-16013 was published for hapi (npm) Oct 9, 2018
Regular Expression Denial of Service in minimatch High
CVE-2016-10540 was published for minimatch (npm) Oct 9, 2018
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
websockets is vulnerable to denial of service by memory exhaustion High
CVE-2018-1000518 was published for websockets (pip) Sep 17, 2018
ericwb
js-bson vulnerable to REDoS High
CVE-2018-13863 was published for bson (npm) Sep 17, 2018
Regular Expression Denial of Service in timespan High
CVE-2017-16115 was published for timespan (npm) Aug 29, 2018
Nokogiri subject to DoS via libxml2 vulnerability High
CVE-2015-5312 was published for nokogiri (RubyGems) Aug 21, 2018
Regular Expression Denial of Service in charset High
CVE-2017-16098 was published for charset (npm) Aug 9, 2018
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database