Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Regular Expression Denial of Service in braces Low
GHSA-g95f-p29q-9xw4 was published for braces (npm) Jun 6, 2019
uap-core Regular Expression Denial of Service issue Moderate
CVE-2018-20164 was published for uap-core (npm) Mar 6, 2019
Regular Expression Denial of Service in sshpk High
CVE-2018-3737 was published for sshpk (npm) Aug 15, 2018
Incorrect Regular Expression in RestSharp High
CVE-2021-27293 was published for RestSharp (NuGet) Jul 14, 2021
Istio ReDoS Vulnerability High
CVE-2019-14993 was published for istio.io/istio (Go) May 24, 2022
js-bson vulnerable to REDoS High
CVE-2018-13863 was published for bson (npm) Sep 17, 2018
Mosca REDoS Vulnerability High
CVE-2018-11615 was published for mosca (npm) Aug 31, 2018
Regular Expression Denial of Service in papaparse High
GHSA-qvjc-g5vr-mfgr was published for papaparse (npm) Sep 4, 2020
tdunlap607
Incorrect default pattern in Jenkins Audit Trail Plugin Moderate
CVE-2020-2288 was published for org.jenkins-ci.plugins:audit-trail (Maven) May 24, 2022
NotMyFault
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters Moderate
CVE-2018-7537 was published for django (pip) Jan 4, 2019
sunSUNQ
Django denial-of-service possibility in urlize and urlizetrunc template filters Moderate
CVE-2018-7536 was published for Django (pip) Jan 4, 2019
tdunlap607
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE) Moderate
GHSA-mpcw-3j5p-p99x was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database