Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,373 advisories

Loading
Prototype Pollution in merge High
CVE-2018-16469 was published for merge (npm) Nov 1, 2018
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 High
CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption High
CVE-2017-15701 was published for org.apache.qpid:qpid-broker (Maven) Oct 19, 2018
Keycloak vulnerable to uncontrolled resource consumption High
CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation Moderate
CVE-2018-11797 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
Denial of Service in memjs Critical
CVE-2018-3767 was published for memjs (npm) Oct 10, 2018
Denial of Service via malformed accept-encoding header in hapi High
CVE-2017-16013 was published for hapi (npm) Oct 9, 2018
Regular Expression Denial of Service in minimatch High
CVE-2016-10540 was published for minimatch (npm) Oct 9, 2018
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
websockets is vulnerable to denial of service by memory exhaustion High
CVE-2018-1000518 was published for websockets (pip) Sep 17, 2018
ericwb
js-bson vulnerable to REDoS High
CVE-2018-13863 was published for bson (npm) Sep 17, 2018
Regular Expression Denial of Service in timespan High
CVE-2017-16115 was published for timespan (npm) Aug 29, 2018
Nokogiri subject to DoS via libxml2 vulnerability High
CVE-2015-5312 was published for nokogiri (RubyGems) Aug 21, 2018
Regular Expression Denial of Service in charset High
CVE-2017-16098 was published for charset (npm) Aug 9, 2018
tdunlap607
Regular Expression Denial of Service in debug Low
CVE-2017-16137 was published for debug (npm) Aug 9, 2018
G-Rath SamHutchins-Sage
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Regular Expression Denial of Service in fresh High
CVE-2017-16119 was published for fresh (npm) Jul 24, 2018
Regular Expression Denial of Service in forwarded High
CVE-2017-16118 was published for forwarded (npm) Jul 24, 2018
Regular Expression Denial of Service in string package High
CVE-2017-16116 was published for string (npm) Jul 24, 2018
Regular Expression Denial of Service in tough-cookie High
CVE-2017-15010 was published for tough-cookie (npm) Jul 24, 2018
tdunlap607
Regular Expression Denial of Service in parsejson High
CVE-2017-16113 was published for parsejson (npm) Jul 24, 2018
Regular Expression Denial of Service in marked High
CVE-2017-16114 was published for marked (npm) Jul 24, 2018
Regular Expression Denial of Service in slug Moderate
CVE-2017-16117 was published for slug (npm) Jul 24, 2018
G-Rath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database