Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,036 advisories

Loading
Pillow Uncontrolled Resource Consumption High
CVE-2021-27922 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27921 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27923 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) Moderate
CVE-2021-23346 was published for html-parse-stringify (npm) Mar 18, 2021
Uncontrolled Resource Consumption in Apache Thrift High
CVE-2020-13949 was published for org.apache.thrift:libthrift (Maven) Mar 12, 2021
jspdf vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-23353 was published for jspdf (npm) Mar 12, 2021
DOS vulnerability for Quoted Quality CSV headers Moderate
CVE-2020-27223 was published for org.eclipse.jetty:jetty-server (Maven) Mar 10, 2021
trontti bd-mtv
bronallo-bd
Credited to trontti, bd-mtv, and bronallo-bd
Active Record subject to Regular Expression Denial-of-Service (ReDoS) High
CVE-2021-22880 was published for activerecord (RubyGems) Mar 2, 2021
Regular expression Denial of Service in @progfay/scrapbox-parser Moderate
CVE-2021-27405 was published for @progfay/scrapbox-parser (npm) Mar 1, 2021
progfay
Credited to progfay
Denial of service in three High
CVE-2020-28496 was published for three (npm) Mar 1, 2021
Denial of service in prismjs High
CVE-2021-23341 was published for prismjs (npm) Mar 1, 2021
Denial of service attack via .well-known lookups Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
mscherer
Credited to mscherer
Regular Expression Denial of Service (REDoS) in Marked Moderate
CVE-2021-21306 was published for marked (npm) Feb 8, 2021
Xegyn calculuschild
Credited to Xegyn and calculuschild
Regular Expression Denial of Service (REDoS) in httplib2 High
CVE-2021-21240 was published for httplib2 (pip) Feb 8, 2021
b-c-ds
Credited to b-c-ds
Prototype pollution in total.js High
CVE-2020-28495 was published for total.js (npm) Feb 5, 2021
Prototype pollution in dotty Critical
CVE-2021-25912 was published for dotty (npm) Feb 5, 2021
Unbounded connection acceptance in http4s-blaze-server High
CVE-2021-21294 was published for org.http4s:http4s-blaze-server_2.12 (Maven) Feb 2, 2021
Unbounded connection acceptance leads to file handle exhaustion High
CVE-2021-21293 was published for org.http4s:blaze-core_2.11 (Maven) Feb 2, 2021
Denial of Service in uap-core High
CVE-2021-21317 was published for uap-core (npm) Feb 2, 2021
Prototype pollution in nested-object-assign High
CVE-2021-23329 was published for nested-object-assign (npm) Feb 1, 2021
CKEditor 5 Markdown plugin Regular expression Denial of Service Moderate
CVE-2021-21254 was published for @ckeditor/ckeditor5-markdown-gfm (npm) Jan 29, 2021
Prototype pollution in gsap High
CVE-2020-28478 was published for gsap (npm) Jan 20, 2021
Prototype pollution in JointJS High
CVE-2020-28480 was published for jointjs (npm) Jan 20, 2021
Regular Expression Denial of Service in jquery-validation High
CVE-2021-21252 was published for jQuery.Validation (npm) Jan 13, 2021
erik-krogh pwntester
Credited to erik-krogh and pwntester
Regex denial of service vulnerability in codesample plugin Low
GHSA-h96f-fc7c-9r55 was published for tinymce (npm) Jan 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database