GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,036 advisories

Regular Expression Denial of Service in postcss Moderate
CVE-2021-23382 was published for postcss (npm) Jan 7, 2022
Credited to DeeDeeG and Towerism
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser (Maven) Jan 6, 2022
Credited to nrktkt
Denial of Service in ckb High
CVE-2021-45700 was published for ckb (Rust) Jan 6, 2022
Uncontrolled Resource Consumption in simple_asn1 High
CVE-2021-45711 was published for simple_asn1 (Rust) Jan 6, 2022
Uncontrolled Resource Consumption in parse-link-header High
CVE-2021-23490 was published for parse-link-header (npm) Jan 6, 2022
Regular expression denial of service (ReDoS) in is-my-json-valid Moderate
CVE-2018-1107 was published for is-my-json-valid (npm) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in braces Low
CVE-2018-1109 was published for braces (npm) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov
Infinite loop in Apache CXF High
CVE-2021-30468 was published for org.apache.cxf:apache-cxf (Maven) Jan 6, 2022
jsx-slack insufficient patch for CVE-2021-43838 ReDoS Moderate
CVE-2021-43843 was published for jsx-slack (npm) Jan 6, 2022
Credited to hieki
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
Credited to LoboMetalurgico and PleaseInsertNameHere
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize) High
CVE-2021-43854 was published for nltk (pip) Jan 6, 2022
Credited to tomaarsen and raffienficiaud
golang.org/x/net/http2 allows uncontrolled memory consumption High
CVE-2021-44716 was published for golang.org/x/net/http2 (Go) Jan 2, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
Credited to hieki
DirectX Graphics Kernel File Denial of Service Vulnerability High Unreviewed
CVE-2021-43219 was published Dec 16, 2021
SymCrypt Denial of Service Vulnerability High Unreviewed
CVE-2021-43228 was published Dec 16, 2021
Windows Hyper-V Denial of Service Vulnerability Moderate Unreviewed
CVE-2021-43246 was published Dec 16, 2021