GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

561 advisories

Soundness issue in raw-cpuid High
CVE-2021-26306 was published for raw-cpuid (Rust) Aug 25, 2021
Insufficient size checks in ws High
CVE-2020-35896 was published for ws (Rust) Aug 25, 2021
Excessive memory usage in tokio-rustls High
CVE-2020-35875 was published for tokio-rustls (Rust) Aug 25, 2021
Stack consumption in trust-dns-server High
CVE-2020-35857 was published for trust-dns-server (Rust) Aug 25, 2021
Credited to tdunlap607
Memory exhaustion in asn1_der High
CVE-2019-15549 was published for asn1_der (Rust) Aug 25, 2021
Regular Expression Denial of Service in System.Text.RegularExpressions High
CVE-2019-0820 was published for System.Text.RegularExpressions (NuGet) Aug 4, 2021
Credited to r-bit-rry
github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion High
CVE-2021-23409 was published for github.com/pires/go-proxyproto (Go) Jul 26, 2021
Credited to tdunlap607
Regular expression denial of service in react-native High
CVE-2020-1920 was published for react-native (npm) Jul 20, 2021
Regular Expression Denial of Service in Addressable templates High
CVE-2021-32740 was published for addressable (RubyGems) Jul 12, 2021
Resource Exhaustion in Spring Security High
CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) Jul 2, 2021
Resource exhaustion in socket.io-parser High
CVE-2020-36049 was published for socket.io-parser (npm) Jun 30, 2021
Denial of Service in miekg-dns High
CVE-2017-15133 was published for github.com/miekg/dns (Go) Jun 29, 2021
Regular Expression Denial of Service (ReDoS) in Prism High
CVE-2021-32723 was published for prismjs (npm) Jun 28, 2021
Denial of service in GJSON High
CVE-2020-35380 was published for github.com/tidwall/gjson (Go) Jun 23, 2021
Uncontrolled Resource Consumption in Apache OpenMeetings server High
CVE-2021-27576 was published for org.apache.openmeetings:openmeetings-parent (Maven) Jun 16, 2021
Uncontrolled Resource Consumption in locutus High
CVE-2021-23392 was published for locutus (npm) Jun 10, 2021
ReDoS in normalize-url High
CVE-2021-33502 was published for normalize-url (npm) Jun 8, 2021
Uncontrolled Resource Consumption in Pillow High
CVE-2021-28677 was published for Pillow (pip) Jun 8, 2021
Credited to sunSUNQ
Denial of service in css-what High
CVE-2021-33587 was published for css-what (npm) Jun 7, 2021
Uncontrolled Resource Consumption in trim-newlines High
CVE-2021-33623 was published for trim-newlines (npm) Jun 7, 2021
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex High
CVE-2020-28469 was published for glob-parent (npm) Jun 7, 2021
Credited to sealonohana
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters High
CVE-2021-33503 was published for urllib3 (pip) Jun 1, 2021
Credited to NariyoshiChida and ap-wtioit
Integer overflow in github.com/gorilla/websocket High
CVE-2020-27813 was published for github.com/gorilla/websocket (Go) May 18, 2021
github.com/tidwall/gjson is vulnerable to Denial of service High
CVE-2020-36066 was published for github.com/tidwall/gjson (Go) May 18, 2021
miekg/dns parsing error leads to nil pointer dereference and DoS High
CVE-2018-17419 was published for github.com/miekg/dns (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API