Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
656
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,380 advisories

Loading
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint Moderate
GHSA-7h5v-85w9-pq6c was published for matrix-synapse (pip) May 19, 2021
Denial of Service via Cache Flooding Low
GHSA-p68v-frgx-4rjp was published for shopware/core (Composer) Oct 19, 2020
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145) High
CVE-2018-17145 was published for bcoin (npm) Sep 10, 2020
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 High
GHSA-crh4-294p-vcfq was published for com.vaadin:vaadin-text-field-flow (Maven) Apr 19, 2021
Regex denial of service vulnerability in codesample plugin Low
GHSA-h96f-fc7c-9r55 was published for tinymce (npm) Jan 6, 2021
Regular Expression Denial of Service in markdown Low
GHSA-wx77-rp39-c6vg was published for markdown (npm) Sep 4, 2020
Uncontrolled Resource Consumption in spray-json High
CVE-2018-18854 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses Low
GHSA-8hxh-r6f7-jf45 was published for org.http4s:http4s-async-http-client_2.12 (Maven) Oct 16, 2020
leonardosantosklarna ashwinbhaskar
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Denial of Service in ecstatic Moderate
CVE-2019-10775 was published for ecstatic (npm) Dec 15, 2020
Exploitable inventory component chaining in PocketMine-MP High
GHSA-8jq6-w5cg-wm45 was published for pocketmine/pocketmine-mp (Composer) Nov 11, 2020
Muqsit CortexPE
Denial of Service in handlebars Moderate
GHSA-f52g-6jhx-586p was published for handlebars (npm) Sep 3, 2020
Denial of Service in apostrophe Low
GHSA-pv6r-vchh-cxg9 was published for apostrophe (npm) Sep 3, 2020
Regular Expression Denial of Service in ansi2html High
CVE-2015-9239 was published for ansi2html (npm) Sep 1, 2020
Regular Expression Denial of Service in validator High
CVE-2014-8882 was published for validator (npm) Aug 31, 2020
Denial of Service in subtext High
GHSA-2mvq-xp48-4c77 was published for subtext (npm) Sep 3, 2020
Client Denial of Service on TUF Moderate
CVE-2020-6173 was published for tuf (pip) Aug 21, 2020
Denial of Service in uws High
CVE-2016-10544 was published for uws (npm) Sep 1, 2020
Denial of Service in yar High
CVE-2014-4179 was published for yar (npm) Sep 1, 2020
Regular Expression Denial of Service in bleach Moderate
CVE-2014-8881 was published for bleach (npm) Sep 1, 2020
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields High
CVE-2018-18853 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Denial of Service in node-sass Moderate
GHSA-9v62-24cr-58cx was published for node-sass (npm) Sep 11, 2020
Regular expression denial of service in url-regex High
CVE-2020-7661 was published for url-regex (npm) Jun 22, 2020
Denial of Service in hapi High
CVE-2015-9241 was published for hapi (npm) Jun 7, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database