GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
411 advisories
Filter by severity
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
High
CVE-2018-17145
was published
for
bcoin
(npm)
Sep 10, 2020
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
High
GHSA-crh4-294p-vcfq
was published
for
com.vaadin:vaadin-text-field-flow
(Maven)
Apr 19, 2021
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
High
CVE-2018-12545
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Mar 28, 2019
Denial of Service (DoS) in Nokogiri on JRuby
High
GHSA-gx8x-g87m-h5q6
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Regular Expression Denial-of-Service in npm schema-inspector
High
CVE-2021-21267
was published
for
schema-inspector
(npm)
Mar 19, 2021
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
High
CVE-2021-41167
was published
for
modern-async
(npm)
Oct 21, 2021
Denial of service in go-ethereum
High
CVE-2021-42219
was published
for
github.com/ethereum/go-ethereum
(Go)
Mar 18, 2022
RESTEasy 4.5.5.Final in hash flooding
High
CVE-2020-14326
was published
for
org.jboss.resteasy:resteasy-bom
(Maven)
Mar 18, 2022
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
High
CVE-2021-32839
was published
for
sqlparse
(pip)
Sep 10, 2021
Uncontrolled Resource Consumption in Apache ZooKeeper
High
CVE-2017-5637
was published
for
org.apache.zookeeper:zookeeper
(Maven)
May 13, 2022
Resource Exhaustion in Spring Security
High
CVE-2021-22119
was published
for
org.springframework.security:spring-security-core
(Maven)
Jul 2, 2021
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
High
CVE-2022-29546
was published
for
net.sourceforge.htmlunit:neko-htmlunit
(Maven)
Apr 26, 2022
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
High
CVE-2022-37734
was published
for
com.graphql-java:graphql-java
(Maven)
Sep 13, 2022
Denial of service binding form from JSON in Play Framework
High
CVE-2022-31018
was published
for
com.typesafe.play:play_2.12
(Maven)
Jun 3, 2022
Helm Controller denial of service
High
CVE-2022-36049
was published
for
github.com/fluxcd/flux2
(Go)
Sep 16, 2022
Uses of deprecated API can be used to cause DoS in user-facing endpoints
High
CVE-2022-31054
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
Uncontrolled Resource Consumption in fast-string-search
High
CVE-2022-22138
was published
for
fast-string-search
(npm)
Jun 18, 2022
Regular expression denial of service in react-native
High
CVE-2020-1920
was published
for
react-native
(npm)
Jul 20, 2021
lite-server vulnerable to Denial of Service
High
CVE-2022-25940
was published
for
lite-server
(Maven)
Dec 20, 2022
Hyperledger Fabric subject to Denial of Service via non-validated request
High
CVE-2022-35253
was published
for
github.com/hyperledger/fabric
(Go)
Sep 25, 2022
ProTip!
Advisories are also available from the
GraphQL API