GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

561 advisories

Inefficient Regular Expression Complexity in marked High
CVE-2022-21680 was published for marked (npm) Jan 14, 2022
Credited to makenowjust
Denial-of-service in Django High
CVE-2021-45115 was published for Django (pip) Jan 12, 2022
Credited to sunSUNQ
Denial of Service in ckb High
CVE-2021-45700 was published for ckb (Rust) Jan 6, 2022
Uncontrolled Resource Consumption in simple_asn1 High
CVE-2021-45711 was published for simple_asn1 (Rust) Jan 6, 2022
Uncontrolled Resource Consumption in parse-link-header High
CVE-2021-23490 was published for parse-link-header (npm) Jan 6, 2022
Infinite loop in Apache CXF High
CVE-2021-30468 was published for org.apache.cxf:apache-cxf (Maven) Jan 6, 2022
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize) High
CVE-2021-43854 was published for nltk (pip) Jan 6, 2022
Credited to tomaarsen and raffienficiaud
golang.org/x/net/http2 allows uncontrolled memory consumption High
CVE-2021-44716 was published for golang.org/x/net/http2 (Go) Jan 2, 2022
Improper Input Validation in is-email High
CVE-2021-36716 was published for is-email (npm) Dec 10, 2021
Code injection in FreeIPA High
CVE-2019-14867 was published for freeipa (pip) Dec 6, 2021
github.com/tidwall/gjson Vulnerable to REDoS attack High
CVE-2021-42836 was published for github.com/tidwall/gjson (Go) Oct 25, 2021
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests High
CVE-2021-41167 was published for modern-async (npm) Oct 21, 2021
Apprise vulnerable to regex injection with IFTTT Plugin High
CVE-2021-39229 was published for apprise (pip) Sep 20, 2021
Credited to kevinbackhouse and erik-krogh
semver-regex Regular Expression Denial of Service (ReDOS) High
CVE-2021-3795 was published for semver-regex (npm) Sep 20, 2021
Inefficient Regular Expression Complexity in vuelidate High
CVE-2021-3794 was published for @vuelidate/validators (npm) Sep 20, 2021
Credited to madcatone
Credited to erik-krogh
SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way High
CVE-2021-37137 was published for io.netty:netty (Maven) Sep 9, 2021
Credited to orvdoo and westonsteimel
Bzip2Decoder doesn't allow setting size restrictions for decompressed data High
CVE-2021-37136 was published for io.netty:netty (Maven) Sep 9, 2021
Credited to orvdoo and westonsteimel
Regular Expression Denial of Service in flask-restx High
CVE-2021-32838 was published for flask-restx (pip) Sep 8, 2021
Credited to erik-krogh and yoff
Uncontrolled Resource Consumption in pillow High
CVE-2021-23437 was published for pillow (pip) Sep 7, 2021
Uncontrolled Resource Consumption in ansi-html High
CVE-2021-23424 was published for ansi-html (npm) Sep 2, 2021
Credited to Diddern
axios Inefficient Regular Expression Complexity vulnerability High
CVE-2021-3749 was published for axios (npm) Sep 1, 2021
Remote memory exhaustion in ckb High
GHSA-48vq-8jqv-gm6f was published for ckb (Rust) Aug 25, 2021
Uncontrolled Resource Consumption in parse_duration High
CVE-2021-29932 was published for parse_duration (Rust) Aug 25, 2021