GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,404 advisories
Filter by severity
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
High
CVE-2018-16131
was published
for
com.typesafe.akka:akka-http-core_2.11
(Maven)
Oct 22, 2018
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
ReDoS via long UserAgent header in ua-parser
High
CVE-2017-16086
was published
for
ua-parser
(npm)
Jul 24, 2018
Regular Expression Denial of Service in parsejson
High
CVE-2017-16113
was published
for
parsejson
(npm)
Jul 24, 2018
Regular expression denial of service in url-regex
High
CVE-2020-7661
was published
for
url-regex
(npm)
Jun 22, 2020
Denial of Service in node-sass
Moderate
GHSA-9v62-24cr-58cx
was published
for
node-sass
(npm)
Sep 11, 2020
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
High
CVE-2018-18853
was published
for
io.spray:spray-json_2.10
(Maven)
Nov 9, 2018
Regular Expression Denial of Service in bleach
Moderate
CVE-2014-8881
was published
for
bleach
(npm)
Sep 1, 2020
Regular Expression Denial of Service in validator
High
CVE-2014-8882
was published
for
validator
(npm)
Aug 31, 2020
Regular Expression Denial of Service in ansi2html
High
CVE-2015-9239
was published
for
ansi2html
(npm)
Sep 1, 2020
Denial of Service in apostrophe
Low
GHSA-pv6r-vchh-cxg9
was published
for
apostrophe
(npm)
Sep 3, 2020
Denial of Service in handlebars
Moderate
GHSA-f52g-6jhx-586p
was published
for
handlebars
(npm)
Sep 3, 2020
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
ReDOS vulnerabities: multiple grammars
Moderate
GHSA-7wwv-vh3v-89cq
was published
for
@highlightjs/cdn-assets
(npm)
Dec 4, 2020
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses
Low
GHSA-8hxh-r6f7-jf45
was published
for
org.http4s:http4s-async-http-client_2.12
(Maven)
Oct 16, 2020
Uncontrolled Resource Consumption in spray-json
High
CVE-2018-18854
was published
for
io.spray:spray-json_2.10
(Maven)
Nov 9, 2018
Regular Expression Denial of Service in markdown
Low
GHSA-wx77-rp39-c6vg
was published
for
markdown
(npm)
Sep 4, 2020
Regex denial of service vulnerability in codesample plugin
Low
GHSA-h96f-fc7c-9r55
was published
for
tinymce
(npm)
Jan 6, 2021
ProTip!
Advisories are also available from the
GraphQL API