GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
440 advisories
Filter by severity
Keycloak vulnerable to uncontrolled resource consumption
High
CVE-2014-3651
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Prototype Pollution in @apollo/gateway
High
GHSA-74cr-77xc-8g6r
was published
for
@apollo/gateway
(npm)
Jun 13, 2019
Regular Expression Denial of Service in Acorn
High
GHSA-6chw-6frg-f759
was published
for
acorn
(npm)
Apr 3, 2020
Regular Expression Denial of Service in websocket-extensions (NPM package)
High
CVE-2020-7662
was published
for
websocket-extensions
(npm)
Jun 5, 2020
Regular Expression Denial of Service in negotiator
High
CVE-2016-10539
was published
for
negotiator
(npm)
Oct 9, 2018
DoS due to excessively large websocket message in ws
High
CVE-2016-10542
was published
for
ws
(npm)
Feb 18, 2019
Denial-of-Service Extended Event Loop Blocking in qs
High
CVE-2014-10064
was published
for
qs
(npm)
Oct 9, 2018
Denial of Service in mqtt-packet
High
CVE-2016-10523
was published
for
mqtt-packet
(npm)
Feb 18, 2019
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
High
CVE-2018-16131
was published
for
com.typesafe.akka:akka-http-core_2.11
(Maven)
Oct 22, 2018
ReDoS via long UserAgent header in ua-parser
High
CVE-2017-16086
was published
for
ua-parser
(npm)
Jul 24, 2018
Regular Expression Denial of Service in parsejson
High
CVE-2017-16113
was published
for
parsejson
(npm)
Jul 24, 2018
Regular expression denial of service in url-regex
High
CVE-2020-7661
was published
for
url-regex
(npm)
Jun 22, 2020
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
High
CVE-2018-18853
was published
for
io.spray:spray-json_2.10
(Maven)
Nov 9, 2018
Regular Expression Denial of Service in ansi2html
High
CVE-2015-9239
was published
for
ansi2html
(npm)
Sep 1, 2020
Regular Expression Denial of Service in validator
High
CVE-2014-8882
was published
for
validator
(npm)
Aug 31, 2020
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
Uncontrolled Resource Consumption in spray-json
High
CVE-2018-18854
was published
for
io.spray:spray-json_2.10
(Maven)
Nov 9, 2018
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
High
GHSA-crh4-294p-vcfq
was published
for
com.vaadin:vaadin-text-field-flow
(Maven)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API