GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,404 advisories
Filter by severity
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
High
GHSA-crh4-294p-vcfq
was published
for
com.vaadin:vaadin-text-field-flow
(Maven)
Apr 19, 2021
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
High
CVE-2018-17145
was published
for
bcoin
(npm)
Sep 10, 2020
Denial of Service via Cache Flooding
Low
GHSA-p68v-frgx-4rjp
was published
for
shopware/core
(Composer)
Oct 19, 2020
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Moderate
GHSA-7h5v-85w9-pq6c
was published
for
matrix-synapse
(pip)
May 19, 2021
Uncontrolled Resource Consumption in pillow
Moderate
GHSA-jgpv-4h4c-xhw3
was published
for
pillow
(pip)
Apr 23, 2021
Import loops in account imports, nats-server DoS
Low
GHSA-gwj5-3vfq-q992
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Denial of Service in node-static
Moderate
GHSA-8r4g-cg4m-x23c
was published
for
node-static
(npm)
Sep 22, 2021
Denial of service in DataCommunicator class in Vaadin 8
Moderate
GHSA-j23j-q57m-63v3
was published
for
com.vaadin:vaadin-server
(Maven)
Oct 13, 2021
Regular Expression Denial of Service in millisecond
Moderate
GHSA-m489-xr35-fjxr
was published
for
millisecond
(npm)
Sep 22, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
High
CVE-2018-12545
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Mar 28, 2019
Denial of Service (DoS) in Nokogiri on JRuby
High
GHSA-gx8x-g87m-h5q6
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Marked ReDoS due to email addresses being evaluated in quadratic time
Moderate
GHSA-xf5p-87ch-gxw2
was published
for
marked
(npm)
Jun 5, 2019
ircdkit vulnerable to Denial of Service due to unhandled connection end event
Low
GHSA-f7r3-p866-q9qr
was published
for
ircdkit
(npm)
Jun 3, 2019
Uncontrolled Resource Consumption in Spray JSON
Moderate
CVE-2018-18855
was published
for
io.spray:spray-json
(Maven)
Jun 28, 2022
DOS and excessive memory usage when passing untrusted user input to to dag import
Moderate
GHSA-f2gr-7299-487h
was published
for
github.com/ipfs/go-ipfs
(Go)
Jul 6, 2022
Regular Expression Denial of Service in slug
Moderate
CVE-2017-16117
was published
for
slug
(npm)
Jul 24, 2018
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Moderate
Unreviewed
CVE-2019-20176
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API