Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

947 advisories

Loading
Denial of service in Undertow High
CVE-2020-27782 was published for io.undertow:undertow-core (Maven) Feb 9, 2022
Abort caused by allocating a vector that is too large in Tensorflow Moderate
CVE-2022-23580 was published for tensorflow (pip) Feb 7, 2022
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) High
CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven) Feb 6, 2022
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
Credited to r00t4dm
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive High
CVE-2022-23596 was published for com.github.junrar:junrar (Maven) Feb 1, 2022
occia ZanderHuang
Han0nly
Credited to occia, ZanderHuang, and Han0nly
Denial of Service Vulnerability in next.js Moderate
CVE-2022-21721 was published for next (npm) Jan 28, 2022
ijjk
Credited to ijjk
Denial of Service in graphql-go Moderate
CVE-2022-21708 was published for github.com/graph-gophers/graphql-go (Go) Jan 27, 2022
jupenur
Credited to jupenur
Denial of service in sidekiq High
CVE-2022-23837 was published for sidekiq (RubyGems) Jan 27, 2022
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Credited to frant-hartm
Denial of Service in Onionshare High
CVE-2022-21689 was published for onionshare-cli (pip) Jan 21, 2022
Memory leak in micronaut-core Moderate
CVE-2022-21700 was published for io.micronaut:micronaut-http (Maven) Jan 21, 2022
chrischiappe larrycarasco
Credited to chrischiappe and larrycarasco
Inefficient Regular Expression Complexity in marked High
CVE-2022-21680 was published for marked (npm) Jan 14, 2022
makenowjust
Credited to makenowjust
Uncontrolled Resource Consumption in markdown-it Moderate
CVE-2022-21670 was published for markdown-it (npm) Jan 12, 2022
makenowjust
Credited to makenowjust
Denial-of-service in Django High
CVE-2021-45115 was published for Django (pip) Jan 12, 2022
sunSUNQ
Credited to sunSUNQ
Regular Expression Denial of Service in postcss Moderate
CVE-2021-23382 was published for postcss (npm) Jan 7, 2022
DeeDeeG Towerism
Credited to DeeDeeG and Towerism
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser (Maven) Jan 6, 2022
nrktkt
Credited to nrktkt
Denial of Service in ckb High
CVE-2021-45700 was published for ckb (Rust) Jan 6, 2022
Uncontrolled Resource Consumption in simple_asn1 High
CVE-2021-45711 was published for simple_asn1 (Rust) Jan 6, 2022
Uncontrolled Resource Consumption in parse-link-header High
CVE-2021-23490 was published for parse-link-header (npm) Jan 6, 2022
Regular expression deinal of service (ReDoS) in is-my-json-valid Moderate
CVE-2018-1107 was published for is-my-json-valid (npm) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in braces Low
CVE-2018-1109 was published for braces (npm) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale G-Rath levpachmanov
Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov
Infinite loop in Apache CFX High
CVE-2021-30468 was published for org.apache.cxf:apache-cxf (Maven) Jan 6, 2022
jsx-slack insufficient patch for CVE-2021-43838 ReDoS Moderate
CVE-2021-43843 was published for jsx-slack (npm) Jan 6, 2022
hieki
Credited to hieki
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Credited to LoboMetalurgico and PleaseInsertNameHere
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database