Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,123 advisories

Loading
word-wrap vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-26115 was published for word-wrap (npm) Jun 22, 2023
engine.io Uncaught Exception vulnerability Moderate
CVE-2023-31125 was published for engine.io (npm) May 3, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS) High
CVE-2023-0835 was published for markdown-pdf (npm) Apr 5, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
cookiejar Regular Expression Denial of Service via Cookie.parse function Moderate
CVE-2022-25901 was published for cookiejar (Maven) Jan 18, 2023
sno2
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
Broken Authentication in Atlassian Connect Express High
CVE-2021-26073 was published for atlassian-connect-express (npm) May 24, 2022
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory High
CVE-2025-25283 was published for parse-duration (npm) Feb 12, 2025
lirantal
Inefficient Regular Expression Complexity in koa Critical
CVE-2025-25200 was published for koa (npm) Feb 12, 2025
R4356th
Denial of service in css-what High
CVE-2021-33587 was published for css-what (npm) Jun 7, 2021
Deserialization of Untrusted Data in bson Critical
CVE-2020-7610 was published for bson (npm) May 7, 2021
Prototype Pollution in node-forge High
CVE-2020-7720 was published for node-forge (npm) Sep 14, 2020
Potential memory exposure in dns-packet High
CVE-2021-23386 was published for dns-packet (npm) May 24, 2021
Uncontrolled Resource Consumption in ansi-html High
CVE-2021-23424 was published for ansi-html (npm) Sep 2, 2021
Diddern
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24772 was published for node-forge (npm) Mar 18, 2022
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
Exposure of sensitive information in follow-redirects High
CVE-2022-0155 was published for follow-redirects (npm) Jan 12, 2022
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24771 was published for node-forge (npm) Mar 18, 2022
Insufficient Entropy in cryptiles Critical
CVE-2018-1000620 was published for cryptiles (npm) Sep 11, 2018
jkmartindale
axios Inefficient Regular Expression Complexity vulnerability High
CVE-2021-3749 was published for axios (npm) Sep 1, 2021
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Prototype Pollution in deep-extend Critical
CVE-2018-3750 was published for deep-extend (npm) Oct 9, 2018
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Regular Expression Denial of Service (ReDoS) High
GHSA-h6ch-v84p-w6p9 was published for diff (npm) Jun 13, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database