GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
Denial of service in rocket chat message parser
Moderate
CVE-2024-46935
was published
for
@rocket.chat/message-parser
(npm)
Sep 25, 2024
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
CVE-2024-28863
was published
for
node-tar
(npm)
Mar 22, 2024
Regular Expression Denial Of Service in uri-js
Moderate
CVE-2017-16021
was published
for
uri-js
(npm)
Jul 24, 2018
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
Moderate
CVE-2024-28176
was published
for
jose
(npm)
Mar 7, 2024
Unlimited transforms allowed for signed nodes
Moderate
CVE-2021-39171
was published
for
passport-saml
(npm)
Aug 30, 2021
Denial of Service Vulnerability in next.js
Moderate
CVE-2022-21721
was published
for
next
(npm)
Jan 28, 2022
Denial of Service in ipfs-bitswap
Moderate
GHSA-6fcr-9h9g-23fq
was published
for
ipfs-bitswap
(npm)
Sep 2, 2020
Regular Expression Denial of Service in jsoneditor
Moderate
CVE-2021-3822
was published
for
jsoneditor
(npm)
Sep 29, 2021
Uncontrolled Resource Consumption in strapi
Moderate
CVE-2020-8123
was published
for
strapi-admin
(npm)
Dec 10, 2021
graphql Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-26144
was published
for
graphql
(npm)
Sep 20, 2023
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2020-28500
was published
for
lodash
(npm)
Jan 6, 2022
Regular Expression Denial of Service in simple-markdown
Moderate
GHSA-4xf9-pgvv-xx67
was published
for
simple-markdown
(npm)
Sep 3, 2020
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
Moderate
CVE-2021-23346
was published
for
html-parse-stringify
(npm)
Mar 18, 2021
superagent vulnerable to zip bomb attacks
Moderate
CVE-2017-16129
was published
for
superagent
(npm)
Aug 9, 2018
Uncontrolled resource consumption in jpeg-js
Moderate
CVE-2020-8175
was published
for
jpeg-js
(npm)
Jul 27, 2020
Regular Expression Denial of Service in postcss
Moderate
CVE-2021-23382
was published
for
postcss
(npm)
Jan 7, 2022
Prototype pollution in paypal-adaptive
Moderate
CVE-2020-7643
was published
for
paypal-adaptive
(npm)
Dec 10, 2021
Regular Expression Denial of Service in browserslist
Moderate
CVE-2021-23364
was published
for
browserslist
(npm)
May 24, 2021
Denial of Service (DoS) vulnerability in RSSHub
Moderate
CVE-2022-31110
was published
for
rsshub
(npm)
Jun 23, 2022
Uncontrolled Resource Consumption in markdown-it
Moderate
CVE-2022-21670
was published
for
markdown-it
(npm)
Jan 12, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Moderate
CVE-2022-36083
was published
for
jose
(npm)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API