GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
thorsten/phpmyfaq vulnerable to business logic errors
High
CVE-2023-1887
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
ReDoS Vulnerability in ua-parser-js version
High
CVE-2022-25927
was published
for
ua-parser-js
(npm)
Jan 24, 2023
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
High
CVE-2022-44566
was published
for
activerecord
(RubyGems)
Jan 18, 2023
decode-uri-component vulnerable to Denial of Service (DoS)
High
CVE-2022-38900
was published
for
decode-uri-component
(npm)
Nov 28, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
Regular expression denial of service in scss-tokenizer
High
CVE-2022-25758
was published
for
scss-tokenizer
(npm)
Jul 2, 2022
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
Infinite loop causing Denial of Service in colors
High
GHSA-5rqg-jm4f-cqx7
was published
for
Colors
(npm)
Jan 10, 2022
Improper Input Validation in xdLocalStorage
High
CVE-2015-9545
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9544
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Inefficient Regular Expression Complexity in chalk/ansi-regex
High
CVE-2021-3807
was published
for
ansi-regex
(npm)
Sep 20, 2021
django-celery-results Stores Sensitive Information In Cleartext
High
CVE-2020-17495
was published
for
django-celery-results
(pip)
Jun 4, 2021
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
High
CVE-2017-9804
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Code injection in dragonfly gem
High
CVE-2013-5671
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API