GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Samly access control vulnerability
Critical
CVE-2024-25718
was published
for
Samly
(Erlang)
Feb 11, 2024
JSONUtil vulnerable to stack exhaustion
Critical
CVE-2023-34615
was published
for
net.pwall.json:jsonutil
(Maven)
Jun 14, 2023
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Critical
CVE-2021-4236
was published
for
github.com/ecnepsnai/web
(Go)
Dec 28, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Critical
CVE-2022-0671
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Prototype Pollution in asciitable.js
Critical
CVE-2020-7771
was published
for
asciitable.js
(npm)
Apr 13, 2021
Uncontrolled Resource Consumption in Indy Node
Critical
CVE-2020-11090
was published
for
indy-node
(pip)
Jun 11, 2020
Prototype Pollution in node.extend
Critical
CVE-2018-16491
was published
for
node.extend
(npm)
Feb 7, 2019
Prototype Pollution in just-extend
Critical
CVE-2018-16489
was published
for
just-extend
(npm)
Feb 7, 2019
Prototype Pollution in defaults-deep
Critical
CVE-2018-16486
was published
for
defaults-deep
(npm)
Feb 7, 2019
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
bson is vulnerable to denial of service due to incorrect regex validation
Critical
CVE-2015-4412
was published
for
bson
(RubyGems)
Mar 5, 2018
ProTip!
Advisories are also available from the
GraphQL API