Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

154 advisories

Loading
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath timtheguy-bs
Credited to G-Rath and timtheguy-bs
Finance.js vulnerable to DoS via the IRR function’s depth parameter High
CVE-2025-56571 was published for financejs (npm) Sep 30, 2025
@nubosoftware/node-static failure to catch exception can result in server crash High
CVE-2025-11149 was published for @nubosoftware/node-static (npm) Sep 30, 2025
lirantal
Credited to lirantal
Finance.js vulnerable to DoS via the seekZero() parameter High
CVE-2025-56572 was published for financejs (npm) Sep 30, 2025
apidoc-core is vulnerable to prototype pollution High
CVE-2025-57317 was published for apidoc-core (npm) Sep 25, 2025
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
cai0duque
Credited to cai0duque
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
anlakii
Credited to anlakii
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (RubyGems) Feb 7, 2019
G-Rath
Credited to G-Rath
@stryker-mutator/util vulnerable to Prototype Pollution High
CVE-2024-57085 was published for @stryker-mutator/util (npm) Feb 6, 2025
saip-loginsoft saip007
Credited to saip-loginsoft and saip007
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
DanielRuf
Credited to DanielRuf
Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
darrachequesne G-Rath
decsecre583
Credited to darrachequesne, G-Rath, and decsecre583
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Credited to lirantal
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
GHSA-5ccf-884p-4jjq was published for open-webui (npm) Mar 20, 2025
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service High
CVE-2021-35065 was published for glob-parent (npm) Jul 18, 2022
cowsrule wejendorp
wwuck paulmillr BGehrels
Credited to cowsrule, wejendorp, wwuck, paulmillr, and BGehrels
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
RDIL FeBe95
Credited to RDIL and FeBe95
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12534 was published for open-webui (npm) Mar 20, 2025
@zag-js/core prototype pollution High
CVE-2024-57079 was published for @zag-js/core (npm) Feb 6, 2025
taraspos
Credited to taraspos
jsPDF Bypass Regular Expression Denial of Service (ReDoS) High
CVE-2025-29907 was published for jspdf (npm) Mar 18, 2025
Denial of service in css-what High
CVE-2021-33587 was published for css-what (npm) Jun 7, 2021
Uncontrolled Resource Consumption in ansi-html High
CVE-2021-23424 was published for ansi-html (npm) Sep 2, 2021
Diddern
Credited to Diddern
axios Inefficient Regular Expression Complexity vulnerability High
CVE-2021-3749 was published for axios (npm) Sep 1, 2021
Regular Expression Denial of Service (ReDoS) High
GHSA-h6ch-v84p-w6p9 was published for diff (npm) Jun 13, 2019
Directus GraphQL Field Duplication Denial of Service (DoS) High
CVE-2024-39895 was published for @directus/env (npm) Jul 8, 2024
asantof
Credited to asantof
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database