Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
Denial of service in rocket chat message parser Moderate
CVE-2024-46935 was published for @rocket.chat/message-parser (npm) Sep 25, 2024
Directus GraphQL Field Duplication Denial of Service (DoS) Moderate
CVE-2024-39895 was published for @directus/env (npm) Jul 8, 2024
asantof
Denial of service while parsing a tar file due to lack of folders count validation Moderate
CVE-2024-28863 was published for node-tar (npm) Mar 22, 2024
DEMON1A AlmogApiiro
ebickle
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext Moderate
CVE-2024-28176 was published for jose (npm) Mar 7, 2024
P3ngu1nW panva
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
graphql Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-26144 was published for graphql (npm) Sep 20, 2023
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial
Directus API vulnerable to denial of service Moderate
CVE-2020-19850 was published for directus (npm) Apr 4, 2023
ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE Moderate
CVE-2022-36083 was published for jose (npm) Sep 16, 2022
TomTervoort panva
Churro
OpenZeppelin Contracts ERC165Checker unbounded gas consumption Moderate
CVE-2022-35915 was published for @openzeppelin/contracts (npm) Aug 14, 2022
node-fetch Inefficient Regular Expression Complexity Moderate
CVE-2022-2596 was published for node-fetch (npm) Aug 2, 2022
vovikhangcdv
Denial of Service (DoS) vulnerability in RSSHub Moderate
CVE-2022-31110 was published for rsshub (npm) Jun 23, 2022
Rongronggg9
Denial of Service Vulnerability in next.js Moderate
CVE-2022-21721 was published for next (npm) Jan 28, 2022
ijjk
Uncontrolled Resource Consumption in markdown-it Moderate
CVE-2022-21670 was published for markdown-it (npm) Jan 12, 2022
makenowjust
Regular Expression Denial of Service in postcss Moderate
CVE-2021-23382 was published for postcss (npm) Jan 7, 2022
DeeDeeG Towerism
Regular expression deinal of service (ReDoS) in is-my-json-valid Moderate
CVE-2018-1107 was published for is-my-json-valid (npm) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (npm) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale
jsx-slack insufficient patch for CVE-2021-43838 ReDoS Moderate
CVE-2021-43843 was published for jsx-slack (npm) Jan 6, 2022
hieki
Prototype pollution in paypal-adaptive Moderate
CVE-2020-7643 was published for paypal-adaptive (npm) Dec 10, 2021
Uncontrolled Resource Consumption in strapi Moderate
CVE-2020-8123 was published for strapi-admin (npm) Dec 10, 2021
J3rry-1729
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database