GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,050 advisories
Filter by severity
Regular Expression Denial of Service in moment
Moderate
CVE-2016-4055
was published
for
moment
(npm)
Oct 24, 2017
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number
Moderate
CVE-2014-9490
was published
for
sentry-raven
(RubyGems)
Oct 24, 2017
Rack rubygems receiving excessively long lines triggers out-of-memory error
Moderate
CVE-2013-0183
was published
for
rack
(RubyGems)
Oct 24, 2017
Regular Expression Denial of Service in ssri
Moderate
CVE-2018-7651
was published
for
ssri
(npm)
Mar 7, 2018
Regular Expression Denial Of Service in uri-js
Moderate
CVE-2017-16021
was published
for
uri-js
(npm)
Jul 24, 2018
Regular Expression Denial of Service in slug
Moderate
CVE-2017-16117
was published
for
slug
(npm)
Jul 24, 2018
superagent vulnerable to zip bomb attacks
Moderate
CVE-2017-16129
was published
for
superagent
(npm)
Aug 9, 2018
In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
Moderate
CVE-2018-11797
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Oct 17, 2018
Marked ReDoS due to email addresses being evaluated in quadratic time
Moderate
GHSA-xf5p-87ch-gxw2
was published
for
marked
(npm)
Jun 5, 2019
Denial of Service in url-relative
Moderate
GHSA-86p3-4gfq-38f2
was published
for
url-relative
(npm)
Jun 5, 2019
Denial of Service in js-yaml
Moderate
GHSA-2pr6-76vf-7546
was published
for
js-yaml
(npm)
Jun 5, 2019
Prototype Pollution in upmerge
Moderate
GHSA-gm9g-2g8v-fvxj
was published
for
upmerge
(npm)
Jun 6, 2019
Regular Expression Denial of Service
Moderate
GHSA-6394-6h9h-cfjg
was published
for
nwmatcher
(npm)
Jun 7, 2019
Prototype Pollution in lutils-merge
Moderate
GHSA-f7qw-5pvg-mmwp
was published
for
lutils-merge
(npm)
Jun 13, 2019
Regular Expression Denial of Service in underscore.string
Moderate
GHSA-v2p6-4mp7-3r9v
was published
for
underscore.string
(npm)
Jun 14, 2019
Regular Expression Denial of Service
Moderate
GHSA-qx4v-6gc5-f2vv
was published
for
esm
(npm)
Jun 20, 2019
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2019-1010266
was published
for
lodash
(npm)
Jul 19, 2019
Denial of Service in rgb2hex
Moderate
GHSA-65p8-3hm4-h9h8
was published
for
rgb2hex
(npm)
Aug 23, 2019
Catastrophic backtracking in regex allows Denial of Service in Waitress
Moderate
CVE-2020-5236
was published
for
waitress
(pip)
Feb 4, 2020
Untrusted users can run pending migrations in production in Rails
Moderate
CVE-2020-8185
was published
for
actionpack
(RubyGems)
Jun 24, 2020
Uncontrolled resource consumption in jpeg-js
Moderate
CVE-2020-8175
was published
for
jpeg-js
(npm)
Jul 27, 2020
ProTip!
Advisories are also available from the
GraphQL API