GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,317 advisories
Denial of Service in ipfs-bitswap
Severity: Moderate. GHSA-6fcr-9h9g-23fq was published for ipfs-bitswap (npm) on Sep 2, 2020.

Denial of Service in markdown-it-toc-and-anchor
Severity: High. GHSA-x6m6-5hrf-fh6r was published for markdown-it-toc-and-anchor (npm) on Sep 1, 2020.

Regular Expression Denial of Service in ansi2html
Severity: High. CVE-2015-9239 was published for ansi2html (npm) on Sep 1, 2020.

Regular Expression Denial of Service in bleach
Severity: Moderate. CVE-2014-8881 was published for bleach (npm) on Sep 1, 2020.

Regular Expression Denial of Service in validator
Severity: High. CVE-2014-8882 was published for validator (npm) on Aug 31, 2020.

Uncontrolled resource consumption in jpeg-js
Severity: Moderate. CVE-2020-8175 was published for jpeg-js (npm) on Jul 27, 2020.

Untrusted users can run pending migrations in production in Rails
Severity: Moderate. CVE-2020-8185 was published for actionpack (RubyGems) on Jun 24, 2020.

Regular expression denial of service in url-regex
Severity: High. CVE-2020-7661 was published for url-regex (npm) on Jun 22, 2020.

Denial of Service in Netty
Severity: High. CVE-2020-11612 was published for io.netty:netty-handler (Maven) on Jun 15, 2020.

Denial of service in Apache Xerces2
Severity: High. CVE-2012-0881 was published for xerces:xercesImpl (Maven) on Jun 15, 2020.

Apache Tomcat Denial of Service vulnerability
Severity: High. CVE-2019-0199 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Jun 15, 2020.

Uncontrolled Resource Consumption in Indy Node
Severity: High. CVE-2020-11090 was published for indy-node (pip) on Jun 11, 2020.

Regular Expression Denial of Service in websocket-extensions (NPM package)
Severity: High. CVE-2020-7662 was published for websocket-extensions (npm) on Jun 5, 2020.

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Severity: High. CVE-2020-7663 was published for websocket-extensions (RubyGems) on Jun 5, 2020.

BSON rubygem contains potential denial of service
Severity: High. CVE-2015-4411 was published for bson (RubyGems) on Apr 29, 2020.

Regular Expression Denial of Service in Acorn
Severity: High. GHSA-6chw-6frg-f759 was published for acorn (npm) on Apr 3, 2020.

regular expression denial-of-service (ReDoS) in Bleach
Severity: High. CVE-2020-6817 was published for bleach (pip) on Mar 30, 2020.

Catastrophic backtracking in regex allows Denial of Service in Waitress
Severity: Moderate. CVE-2020-5236 was published for waitress (pip) on Feb 4, 2020.

Regular Expression Denial of Service in csv-parse
Severity: High. CVE-2019-17592 was published for csv-parse (npm) on Oct 15, 2019.

ProTip! Advisories are also available from the GraphQL API.