Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,388 advisories

Loading
websockets is vulnerable to denial of service by memory exhaustion High
CVE-2018-1000518 was published for websockets (pip) Sep 17, 2018
ericwb
js-bson vulnerable to REDoS High
CVE-2018-13863 was published for bson (npm) Sep 17, 2018
Regular Expression Denial of Service in timespan High
CVE-2017-16115 was published for timespan (npm) Aug 29, 2018
Nokogiri subject to DoS via libxml2 vulnerability High
CVE-2015-5312 was published for nokogiri (RubyGems) Aug 21, 2018
Regular Expression Denial of Service in charset High
CVE-2017-16098 was published for charset (npm) Aug 9, 2018
tdunlap607
Regular Expression Denial of Service in debug Low
CVE-2017-16137 was published for debug (npm) Aug 9, 2018
G-Rath SamHutchins-Sage
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Regular Expression Denial of Service in fresh High
CVE-2017-16119 was published for fresh (npm) Jul 24, 2018
Regular Expression Denial of Service in forwarded High
CVE-2017-16118 was published for forwarded (npm) Jul 24, 2018
Regular Expression Denial of Service in string package High
CVE-2017-16116 was published for string (npm) Jul 24, 2018
Regular Expression Denial of Service in tough-cookie High
CVE-2017-15010 was published for tough-cookie (npm) Jul 24, 2018
tdunlap607
Regular Expression Denial of Service in parsejson High
CVE-2017-16113 was published for parsejson (npm) Jul 24, 2018
Regular Expression Denial of Service in marked High
CVE-2017-16114 was published for marked (npm) Jul 24, 2018
Regular Expression Denial of Service in slug Moderate
CVE-2017-16117 was published for slug (npm) Jul 24, 2018
G-Rath
Denial of Service in nes High
CVE-2017-16025 was published for nes (npm) Jul 24, 2018
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header High
CVE-2017-16136 was published for method-override (npm) Jul 24, 2018
Regular Expression Denial Of Service in uri-js Moderate
CVE-2017-16021 was published for uri-js (npm) Jul 24, 2018
Regular Expression Denial of Service in decamelize High
CVE-2017-16023 was published for decamelize (npm) Jul 24, 2018
ReDoS via long UserAgent header in useragent High
CVE-2017-16030 was published for useragent (npm) Jul 24, 2018
Regular Expression Denial of Service in content High
CVE-2017-16111 was published for content (npm) Jul 24, 2018
Regular Expression Denial of Service in no-case High
CVE-2017-16099 was published for no-case (npm) Jul 24, 2018
ReDoS via long UserAgent header in ua-parser High
CVE-2017-16086 was published for ua-parser (npm) Jul 24, 2018
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input High
CVE-2017-16138 was published for mime (npm) Jul 20, 2018
rsalvo77 tdunlap607
Denial of Service vulnerability with large JSON payloads in fastify High
CVE-2018-3711 was published for fastify (npm) Jul 18, 2018
RDIL
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database