GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
High
CVE-2022-39386
was published
for
@fastify/websocket
(npm)
Nov 7, 2022
Regular Expression Denial of Service in charset
High
CVE-2017-16098
was published
for
charset
(npm)
Aug 9, 2018
XSS in Image Optimization API for Next.js
High
CVE-2021-39178
was published
for
next
(npm)
Sep 1, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Cross-Site Scripting in @toast-ui/editor
High
GHSA-cr56-66mx-293v
was published
for
@toast-ui/editor
(npm)
Sep 3, 2020
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Cross-Site Scripting in bootstrap-vue
High
GHSA-c7pp-x73h-4m2v
was published
for
bootstrap-vue
(npm)
Sep 2, 2020
Insecure Comparison in secure-compare
High
CVE-2015-9238
was published
for
secure-compare
(npm)
Jun 3, 2019
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
High
CVE-2022-31179
was published
for
shescape
(npm)
Jul 15, 2022
Regular Expression Denial of Service in moment
High
CVE-2017-18214
was published
for
moment
(npm)
Mar 5, 2018
Switcher Client contains Regular Expression Denial of Service (ReDoS)
High
CVE-2023-23925
was published
for
switcher-client
(npm)
Feb 2, 2023
Command Injection in local-devices
High
GHSA-w725-67p7-xv22
was published
for
local-devices
(npm)
Sep 3, 2020
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
Arbitrary Code Execution in json-ptr
High
CVE-2020-7766
was published
for
json-ptr
(npm)
May 10, 2021
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
High
CVE-2017-16138
was published
for
mime
(npm)
Jul 20, 2018
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Regular Expression Denial of Service in papaparse
High
GHSA-qvjc-g5vr-mfgr
was published
for
papaparse
(npm)
Sep 4, 2020
ProTip!
Advisories are also available from the
GraphQL API