Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

248 advisories

Loading
DOS by abusing `fetchOptions.retry`. High
CVE-2023-49800 was published for nuxt-api-party (npm) Dec 11, 2023
OhB00
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation Moderate
CVE-2025-27097 was published for @graphql-mesh/runtime (npm) Oct 10, 2023
ardatan khell
Chaijs/get-func-name vulnerable to ReDoS High
CVE-2023-43646 was published for get-func-name (npm) Sep 27, 2023
GAP-dev keithamus
graphql Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-26144 was published for graphql (npm) Sep 20, 2023
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial
is_js vulnerable to Regular Expression Denial of Service High
CVE-2020-26302 was published for is_js (npm) Jul 6, 2023
Directus API vulnerable to denial of service Moderate
CVE-2020-19850 was published for directus (npm) Apr 4, 2023
Denial of Service vulnerability in lite-web-server High
CVE-2023-26104 was published for lite-web-server (npm) Feb 25, 2023
lirantal
Denial of service due to unlimited number of parts High
CVE-2023-25576 was published for @fastify/multipart (npm) Feb 14, 2023
das7pad
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
petruki tdunlap607
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath
MooTools Regular Expression Denial of Service High
CVE-2021-32821 was published for mootools (npm) Jan 3, 2023
anonymous4ACL24
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
minimatch ReDoS vulnerability High
CVE-2022-3517 was published for minimatch (npm) Oct 18, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban G-Rath
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
v8n vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-35923 was published for v8n (npm) Oct 7, 2022
vovikhangcdv
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
d3-color vulnerable to ReDoS High
GHSA-36jr-mh4h-2g58 was published for d3-color (npm) Sep 29, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE Moderate
CVE-2022-36083 was published for jose (npm) Sep 16, 2022
TomTervoort panva
Churro
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database