GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
142 advisories
Filter by severity
Prototype Pollution in @apollo/gateway
High
GHSA-74cr-77xc-8g6r
was published
for
@apollo/gateway
(npm)
Jun 13, 2019
Regular Expression Denial of Service in Acorn
High
GHSA-6chw-6frg-f759
was published
for
acorn
(npm)
Apr 3, 2020
Regular Expression Denial of Service in websocket-extensions (NPM package)
High
CVE-2020-7662
was published
for
websocket-extensions
(npm)
Jun 5, 2020
Regular Expression Denial of Service in negotiator
High
CVE-2016-10539
was published
for
negotiator
(npm)
Oct 9, 2018
DoS due to excessively large websocket message in ws
High
CVE-2016-10542
was published
for
ws
(npm)
Feb 18, 2019
Denial-of-Service Extended Event Loop Blocking in qs
High
CVE-2014-10064
was published
for
qs
(npm)
Oct 9, 2018
Denial of Service in mqtt-packet
High
CVE-2016-10523
was published
for
mqtt-packet
(npm)
Feb 18, 2019
ReDoS via long UserAgent header in ua-parser
High
CVE-2017-16086
was published
for
ua-parser
(npm)
Jul 24, 2018
Regular Expression Denial of Service in parsejson
High
CVE-2017-16113
was published
for
parsejson
(npm)
Jul 24, 2018
Regular expression denial of service in url-regex
High
CVE-2020-7661
was published
for
url-regex
(npm)
Jun 22, 2020
Regular Expression Denial of Service in validator
High
CVE-2014-8882
was published
for
validator
(npm)
Aug 31, 2020
Regular Expression Denial of Service in ansi2html
High
CVE-2015-9239
was published
for
ansi2html
(npm)
Sep 1, 2020
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
High
CVE-2018-17145
was published
for
bcoin
(npm)
Sep 10, 2020
Regular Expression Denial-of-Service in npm schema-inspector
High
CVE-2021-21267
was published
for
schema-inspector
(npm)
Mar 19, 2021
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
High
CVE-2021-41167
was published
for
modern-async
(npm)
Oct 21, 2021
Uncontrolled Resource Consumption in fast-string-search
High
CVE-2022-22138
was published
for
fast-string-search
(npm)
Jun 18, 2022
Regular expression denial of service in react-native
High
CVE-2020-1920
was published
for
react-native
(npm)
Jul 20, 2021
ProTip!
Advisories are also available from the
GraphQL API