Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Loading
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources High
CVE-2021-28165 was published for org.eclipse.jetty:jetty-server (Maven) Apr 6, 2021
Pygments vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-27291 was published for Pygments (pip) Mar 29, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Regular Expression Denial of Service (ReDoS) High
CVE-2021-28092 was published for is-svg (npm) Mar 19, 2021
Regular Expression Denial of Service (ReDoS) High
CVE-2021-27290 was published for ssri (npm) Mar 19, 2021
printf vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-23354 was published for printf (npm) Mar 19, 2021
Regular Expression Denial-of-Service in npm schema-inspector High
CVE-2021-21267 was published for schema-inspector (npm) Mar 19, 2021
erik-krogh
Pillow Uncontrolled Resource Consumption High
CVE-2021-27922 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27921 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27923 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Uncontrolled Resource Consumption in Apache Thrift High
CVE-2020-13949 was published for org.apache.thrift:libthrift (Maven) Mar 12, 2021
jspdf vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-23353 was published for jspdf (npm) Mar 12, 2021
Active Record subject to Regular Expression Denial-of-Service (ReDoS) High
CVE-2021-22880 was published for activerecord (RubyGems) Mar 2, 2021
Denial of service in three High
CVE-2020-28496 was published for three (npm) Mar 1, 2021
Denial of service in prismjs High
CVE-2021-23341 was published for prismjs (npm) Mar 1, 2021
Regular Expression Denial of Service (REDoS) in httplib2 High
CVE-2021-21240 was published for httplib2 (pip) Feb 8, 2021
b-c-ds
Prototype pollution in total.js High
CVE-2020-28495 was published for total.js (npm) Feb 5, 2021
Unbounded connection acceptance in http4s-blaze-server High
CVE-2021-21294 was published for org.http4s:http4s-blaze-server_2.12 (Maven) Feb 2, 2021
Unbounded connection acceptance leads to file handle exhaustion High
CVE-2021-21293 was published for org.http4s:blaze-core_2.11 (Maven) Feb 2, 2021
Denial of Service in uap-core High
CVE-2021-21317 was published for uap-core (npm) Feb 2, 2021
Prototype pollution in nested-object-assign High
CVE-2021-23329 was published for nested-object-assign (npm) Feb 1, 2021
Prototype pollution in gsap High
CVE-2020-28478 was published for gsap (npm) Jan 20, 2021
Prototype pollution in JointJS High
CVE-2020-28480 was published for jointjs (npm) Jan 20, 2021
Regular Expression Denial of Service in jquery-validation High
CVE-2021-21252 was published for jQuery.Validation (npm) Jan 13, 2021
erik-krogh pwntester
Regular Expression Denial of Service in CairoSVG High
CVE-2021-21236 was published for CairoSVG (pip) Jan 6, 2021
b-c-ds
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database