Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

395 advisories

Loading
Insufficient size checks in ws High
CVE-2020-35896 was published for ws (Rust) Aug 25, 2021
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests High
CVE-2021-41167 was published for modern-async (npm) Oct 21, 2021
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the... High Unreviewed
CVE-2021-29329 was published Nov 20, 2021
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular... High Unreviewed
CVE-2021-44686 was published Dec 8, 2021
Denial of Service (DoS) in Jackson Dataformat CBOR High
CVE-2020-28491 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-cbor (Maven) Dec 9, 2021
DmitriyLewen
ReDOS in IS-SVG High
CVE-2021-29059 was published for is-svg (npm) Dec 10, 2021
A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older... High Unreviewed
CVE-2021-38244 was published Dec 17, 2021
There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this... High Unreviewed
CVE-2021-37111 was published Jan 4, 2022
ReDOS in Vfsjfilechooser2 High
CVE-2021-29061 was published for com.github.fracpete:vfsjfilechooser2 (Maven) Jan 6, 2022
Allocation of Resources Without Limits or Throttling in ckb High
CVE-2021-45699 was published for ckb (Rust) Jan 6, 2022
Allocation of Resources Without Limits or Throttling in Apache Avro High
CVE-2021-43045 was published for Apache.Avro (NuGet) Jan 8, 2022
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely... High Unreviewed
CVE-2021-39293 was published Jan 25, 2022
Denial of service in sidekiq High
CVE-2022-23837 was published for sidekiq (RubyGems) Jan 27, 2022
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) High
CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven) Feb 6, 2022
Allocation of Resources Without Limits or Throttling in Keycloak High
CVE-2020-10758 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
An authenticated user without any specific authorizations may be able to repeatedly invoke the... High Unreviewed
CVE-2021-32036 was published Feb 10, 2022
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... High Unreviewed
CVE-2021-41840 was published Feb 10, 2022
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor... High Unreviewed
CVE-2021-22050 was published Feb 17, 2022
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote... High Unreviewed
CVE-2022-23228 was published Feb 19, 2022
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU... High Unreviewed
CVE-2016-20013 was published Feb 20, 2022
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling High
CVE-2022-24685 was published for github.com/hashicorp/nomad (Go) Mar 1, 2022
Twisted SSH client and server deny of service during SSH handshake. High
CVE-2022-21716 was published for twisted (pip) Mar 3, 2022
Idan-D vin01
Moodle denial-of-service risk in the draft files area High
CVE-2021-32476 was published for moodle/moodle (Composer) Mar 12, 2022
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner... High Unreviewed
CVE-2017-20016 was published Mar 29, 2022
ProTip! Advisories are also available from the GraphQL API