Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,317 advisories

Loading
Denial of Service in ipfs-bitswap Moderate
GHSA-6fcr-9h9g-23fq was published for ipfs-bitswap (npm) Sep 2, 2020
mprpic
Denial of Service in markdown-it-toc-and-anchor High
GHSA-x6m6-5hrf-fh6r was published for markdown-it-toc-and-anchor (npm) Sep 1, 2020
mprpic
Denial of Service in uws High
CVE-2016-10544 was published for uws (npm) Sep 1, 2020
Regular Expression Denial of Service in ansi2html High
CVE-2015-9239 was published for ansi2html (npm) Sep 1, 2020
Regular Expression Denial of Service in bleach Moderate
CVE-2014-8881 was published for bleach (npm) Sep 1, 2020
Denial of Service in yar High
CVE-2014-4179 was published for yar (npm) Sep 1, 2020
Regular Expression Denial of Service in validator High
CVE-2014-8882 was published for validator (npm) Aug 31, 2020
Client Denial of Service on TUF Moderate
CVE-2020-6173 was published for tuf (pip) Aug 21, 2020
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
Uncontrolled resource consumption in jpeg-js Moderate
CVE-2020-8175 was published for jpeg-js (npm) Jul 27, 2020
avnerbarr
Untrusted users can run pending migrations in production in Rails Moderate
CVE-2020-8185 was published for actionpack (RubyGems) Jun 24, 2020
Regular expression denial of service in url-regex High
CVE-2020-7661 was published for url-regex (npm) Jun 22, 2020
Denial of Service in Netty High
CVE-2020-11612 was published for io.netty:netty-handler (Maven) Jun 15, 2020
Denial of service in Apache Xerces2 High
CVE-2012-0881 was published for xerces:xercesImpl (Maven) Jun 15, 2020
Apache Tomcat Denial of Service vulnerability High
CVE-2019-0199 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 15, 2020
Uncontrolled Resource Consumption in Indy Node High
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
Regular Expression Denial of Service in websocket-extensions (NPM package) High
CVE-2020-7662 was published for websocket-extensions (npm) Jun 5, 2020
Regular Expression Denial of Service in websocket-extensions (RubyGem) High
CVE-2020-7663 was published for websocket-extensions (RubyGems) Jun 5, 2020
BSON rubygem contains potential denial of service High
CVE-2015-4411 was published for bson (RubyGems) Apr 29, 2020
Regular Expression Denial of Service in Acorn High
GHSA-6chw-6frg-f759 was published for acorn (npm) Apr 3, 2020
regular expression denial-of-service (ReDoS) in Bleach High
CVE-2020-6817 was published for bleach (pip) Mar 30, 2020
Catastrophic backtracking in regex allows Denial of Service in Waitress Moderate
CVE-2020-5236 was published for waitress (pip) Feb 4, 2020
Regular Expression Denial of Service in csv-parse High
CVE-2019-17592 was published for csv-parse (npm) Oct 15, 2019
Rubyzip denial of service Moderate
CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019
tdunlap607
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
ProTip! Advisories are also available from the GraphQL API