GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Switcher Client contains Regular Expression Denial of Service (ReDoS)
High
CVE-2023-23925
was published
for
switcher-client
(npm)
Feb 2, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
High
CVE-2022-39386
was published
for
@fastify/websocket
(npm)
Nov 7, 2022
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
High
CVE-2022-31179
was published
for
shescape
(npm)
Jul 15, 2022
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
XSS in Image Optimization API for Next.js
High
CVE-2021-39178
was published
for
next
(npm)
Sep 1, 2021
Arbitrary Code Execution in json-ptr
High
CVE-2020-7766
was published
for
json-ptr
(npm)
May 10, 2021
Regular Expression Denial of Service in papaparse
High
GHSA-qvjc-g5vr-mfgr
was published
for
papaparse
(npm)
Sep 4, 2020
Command Injection in local-devices
High
GHSA-w725-67p7-xv22
was published
for
local-devices
(npm)
Sep 3, 2020
Cross-Site Scripting in @toast-ui/editor
High
GHSA-cr56-66mx-293v
was published
for
@toast-ui/editor
(npm)
Sep 3, 2020
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Cross-Site Scripting in bootstrap-vue
High
GHSA-c7pp-x73h-4m2v
was published
for
bootstrap-vue
(npm)
Sep 2, 2020
Cross-Site Scripting in swagger-ui
High
CVE-2016-1000233
was published
for
swagger-ui
(npm)
Sep 1, 2020
Insecure Comparison in secure-compare
High
CVE-2015-9238
was published
for
secure-compare
(npm)
Jun 3, 2019
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Regular Expression Denial of Service in charset
High
CVE-2017-16098
was published
for
charset
(npm)
Aug 9, 2018
Regular Expression Denial of Service in tough-cookie
High
CVE-2017-15010
was published
for
tough-cookie
(npm)
Jul 24, 2018
ProTip!
Advisories are also available from the
GraphQL API