GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,002 advisories
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible...
Moderate. Unreviewed. CVE-2020-9059 was published on Jan 11, 2022.

Allocation of Resources Without Limits or Throttling in Apache Avro
High. CVE-2021-43045 was published for Apache.Avro (NuGet) on Jan 8, 2022.

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check...
Moderate. Unreviewed. CVE-2021-44591 was published on Jan 7, 2022.

Allocation of Resources Without Limits or Throttling in ckb
High. CVE-2021-45699 was published for ckb (Rust) on Jan 6, 2022.

ReDOS in Vfsjfilechooser2
High. CVE-2021-29061 was published for com.github.fracpete:vfsjfilechooser2 (Maven) on Jan 6, 2022.

There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this...
High. Unreviewed. CVE-2021-37111 was published on Jan 4, 2022.

A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older...
High. Unreviewed. CVE-2021-38244 was published on Dec 17, 2021.

Denial of Service (DoS) in Jackson Dataformat CBOR
High. CVE-2020-28491 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-cbor (Maven) on Dec 9, 2021.

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular...
High. Unreviewed. CVE-2021-44686 was published on Dec 8, 2021.

The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the...
Moderate. Unreviewed. CVE-2021-31787 was published on Dec 1, 2021.

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the...
High. Unreviewed. CVE-2021-29329 was published on Nov 20, 2021.

OctoRPKI crashes when processing GZIP bomb returned via malicious repository
Moderate. CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) on Nov 10, 2021.

modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
High. CVE-2021-41167 was published for modern-async (npm) on Oct 21, 2021.

Uncontrolled memory consumption in protobuf
High. CVE-2019-15544 was published for protobuf (Rust) on Aug 25, 2021.

Improper Handling of Length Parameter Inconsistency in Compress
High. CVE-2021-35517 was published for org.apache.commons:commons-compress (Maven) on Aug 2, 2021.

Improper Handling of Length Parameter Inconsistency in Compress
High. CVE-2021-35516 was published for org.apache.commons:commons-compress (Maven) on Aug 2, 2021.

Allocation of resources without limits or throttling in keycloak-model-infinispan
High. CVE-2021-3637 was published for org.keycloak:keycloak-model-infinispan (Maven) on Jul 13, 2021.

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Moderate. CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) on Jun 23, 2021.

Regular Expression Denial of Service (ReDOS)
Moderate. CVE-2021-29060 was published for color-string (npm) on Jun 22, 2021.

Uncontrolled memory consumption
Moderate. CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) on Jun 15, 2021.

Denial of service in direct_mail
Moderate. CVE-2020-12697 was published for directmailteam/direct-mail (Composer) on May 24, 2021.

Allocation of Resources Without Limits or Throttling in Hashicorp Consul
High. CVE-2020-13250 was published for github.com/hashicorp/consul (Go) on May 18, 2021.