Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,317 advisories

Loading
Denial of Service in apostrophe Low
GHSA-pv6r-vchh-cxg9 was published for apostrophe (npm) Sep 3, 2020
Denial of Service in subtext High
GHSA-2mvq-xp48-4c77 was published for subtext (npm) Sep 3, 2020
Client Denial of Service on TUF Moderate
CVE-2020-6173 was published for tuf (pip) Aug 21, 2020
Denial of Service in uws High
CVE-2016-10544 was published for uws (npm) Sep 1, 2020
Denial of Service in yar High
CVE-2014-4179 was published for yar (npm) Sep 1, 2020
Regular Expression Denial of Service in bleach Moderate
CVE-2014-8881 was published for bleach (npm) Sep 1, 2020
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields High
CVE-2018-18853 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Denial of Service in node-sass Moderate
GHSA-9v62-24cr-58cx was published for node-sass (npm) Sep 11, 2020
Regular expression denial of service in url-regex High
CVE-2020-7661 was published for url-regex (npm) Jun 22, 2020
Denial of Service in hapi High
CVE-2015-9241 was published for hapi (npm) Jun 7, 2018
Regular Expression Denial of Service in parsejson High
CVE-2017-16113 was published for parsejson (npm) Jul 24, 2018
ReDoS via long UserAgent header in ua-parser High
CVE-2017-16086 was published for ua-parser (npm) Jul 24, 2018
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Prototype Pollution in extend Moderate
CVE-2018-16492 was published for extend (npm) Feb 7, 2019
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 High
CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
Denial of Service in mqtt-packet High
CVE-2016-10523 was published for mqtt-packet (npm) Feb 18, 2019
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
DoS due to excessively large websocket message in ws High
CVE-2016-10542 was published for ws (npm) Feb 18, 2019
Regular Expression Denial of Service in ssri Moderate
CVE-2018-7651 was published for ssri (npm) Mar 7, 2018
Denial of Service in nes High
CVE-2017-16025 was published for nes (npm) Jul 24, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
Regular Expression Denial of Service in websocket-extensions (NPM package) High
CVE-2020-7662 was published for websocket-extensions (npm) Jun 5, 2020
Uncontrolled Resource Consumption in Indy Node High
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
Regular Expression Denial of Service in Acorn High
GHSA-6chw-6frg-f759 was published for acorn (npm) Apr 3, 2020
ProTip! Advisories are also available from the GraphQL API