GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Denial of service in rocket chat message parser
Moderate
CVE-2024-46935
was published
for
@rocket.chat/message-parser
(npm)
Sep 25, 2024
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
CVE-2024-28863
was published
for
node-tar
(npm)
Mar 22, 2024
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
Moderate
CVE-2024-28176
was published
for
jose
(npm)
Mar 7, 2024
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
graphql Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-26144
was published
for
graphql
(npm)
Sep 20, 2023
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
Directus API vulnerable to denial of service
Moderate
CVE-2020-19850
was published
for
directus
(npm)
Apr 4, 2023
ToolJet is vulnerable to Denial of Service (DoS)
Moderate
CVE-2022-4111
was published
for
tooljet
(npm)
Nov 22, 2022
NocoDB vulnerable to Denial of Service
Moderate
CVE-2022-3423
was published
for
nocodb
(npm)
Oct 7, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Moderate
CVE-2022-36083
was published
for
jose
(npm)
Sep 16, 2022
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Moderate
CVE-2022-35915
was published
for
@openzeppelin/contracts
(npm)
Aug 14, 2022
node-fetch Inefficient Regular Expression Complexity
Moderate
CVE-2022-2596
was published
for
node-fetch
(npm)
Aug 2, 2022
Denial of Service (DoS) vulnerability in RSSHub
Moderate
CVE-2022-31110
was published
for
rsshub
(npm)
Jun 23, 2022
Denial of Service Vulnerability in next.js
Moderate
CVE-2022-21721
was published
for
next
(npm)
Jan 28, 2022
Uncontrolled Resource Consumption in markdown-it
Moderate
CVE-2022-21670
was published
for
markdown-it
(npm)
Jan 12, 2022
Regular Expression Denial of Service in postcss
Moderate
CVE-2021-23382
was published
for
postcss
(npm)
Jan 7, 2022
Regular expression deinal of service (ReDoS) in is-my-json-valid
Moderate
CVE-2018-1107
was published
for
is-my-json-valid
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2020-28500
was published
for
lodash
(npm)
Jan 6, 2022
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
Moderate
CVE-2021-43843
was published
for
jsx-slack
(npm)
Jan 6, 2022
Prototype pollution in paypal-adaptive
Moderate
CVE-2020-7643
was published
for
paypal-adaptive
(npm)
Dec 10, 2021
Uncontrolled Resource Consumption in strapi
Moderate
CVE-2020-8123
was published
for
strapi-admin
(npm)
Dec 10, 2021
Regular Expression Denial of Service in jsoneditor
Moderate
CVE-2021-3822
was published
for
jsoneditor
(npm)
Sep 29, 2021
Regular Expression Denial of Service in millisecond
Moderate
GHSA-m489-xr35-fjxr
was published
for
millisecond
(npm)
Sep 22, 2021
ProTip!
Advisories are also available from the
GraphQL API