GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

947 advisories

Credited to erik-krogh
SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way High
CVE-2021-37137 was published for io.netty:netty (Maven) Sep 9, 2021
Credited to orvdoo and westonsteimel
Bzip2Decoder doesn't allow setting size restrictions for decompressed data High
CVE-2021-37136 was published for io.netty:netty (Maven) Sep 9, 2021
Credited to orvdoo and westonsteimel
Regular Expression Denial of Service in flask-restx High
CVE-2021-32838 was published for flask-restx (pip) Sep 8, 2021
Credited to erik-krogh and yoff
Uncontrolled Resource Consumption in pillow High
CVE-2021-23437 was published for pillow (pip) Sep 7, 2021
Uncontrolled Resource Consumption in trim-off-newlines Moderate
CVE-2021-23425 was published for trim-off-newlines (npm) Sep 2, 2021
Uncontrolled Resource Consumption in ansi-html High
CVE-2021-23424 was published for ansi-html (npm) Sep 2, 2021
Credited to Diddern
Uncontrolled Resource Consumption in transpile Moderate
CVE-2021-23429 was published for transpile (npm) Sep 2, 2021
axios Inefficient Regular Expression Complexity vulnerability High
CVE-2021-3749 was published for axios (npm) Sep 1, 2021
Unlimited transforms allowed for signed nodes Moderate
CVE-2021-39171 was published for passport-saml (npm) Aug 30, 2021
Credited to pp-ps
Remote memory exhaustion in ckb High
GHSA-48vq-8jqv-gm6f was published for ckb (Rust) Aug 25, 2021
Unchecked vector pre-allocation Moderate
GHSA-mcrf-7hf9-f6q5 was published for rmpv (Rust) Aug 25, 2021
Uncontrolled Resource Consumption in parse_duration High
CVE-2021-29932 was published for parse_duration (Rust) Aug 25, 2021
Soundness issue in raw-cpuid High
CVE-2021-26306 was published for raw-cpuid (Rust) Aug 25, 2021
Error on unsupported architectures in raw-cpuid Moderate
CVE-2021-26307 was published for raw-cpuid (Rust) Aug 25, 2021
Credited to tdunlap607
Mutable reference with immutable provenance in image Moderate
CVE-2020-35916 was published for image (Rust) Aug 25, 2021
Credited to tdunlap607
Insufficient size checks in ws High
CVE-2020-35896 was published for ws (Rust) Aug 25, 2021
Excessive memory usage in tokio-rustls High
CVE-2020-35875 was published for tokio-rustls (Rust) Aug 25, 2021
Stack consumption in trust-dns-server High
CVE-2020-35857 was published for trust-dns-server (Rust) Aug 25, 2021
Credited to tdunlap607
Memory exhaustion in asn1_der High
CVE-2019-15549 was published for asn1_der (Rust) Aug 25, 2021
Regular Expression Denial of Service in path-parse Moderate
CVE-2021-23343 was published for path-parse (npm) Aug 10, 2021
Regular Expression Denial of Service in System.Text.RegularExpressions High
CVE-2019-0820 was published for System.Text.RegularExpressions (NuGet) Aug 4, 2021
Credited to r-bit-rry
github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion High
CVE-2021-23409 was published for github.com/pires/go-proxyproto (Go) Jul 26, 2021
Credited to tdunlap607
Denial of Service in SheetJS Pro Moderate
CVE-2021-32012 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Denial of Service in SheetJS Pro Moderate
CVE-2021-32013 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021