GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
ReDoS Vulnerability in ua-parser-js version
High
CVE-2022-25927
was published
for
ua-parser-js
(npm)
Jan 24, 2023
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Critical
CVE-2022-2900
was published
for
parse-url
(npm)
Sep 15, 2022
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Critical
CVE-2018-19360
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
thorsten/phpmyfaq vulnerable to business logic errors
High
CVE-2023-1887
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
Regular Expression Denial of Service in clean-css
Low
GHSA-wxhq-pm8v-cw75
was published
for
clean-css
(npm)
Jun 5, 2019
Open Redirect in xdLocalStorage
Moderate
CVE-2020-11611
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9544
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Uncaught exception in engine.io
Moderate
CVE-2022-41940
was published
for
engine.io
(npm)
Nov 21, 2022
Server-Side Request Forgery in dompdf/dompdf
Moderate
CVE-2022-0085
was published
for
dompdf/dompdf
(Composer)
Jun 29, 2022
Improper Input Validation in xdLocalStorage
High
CVE-2015-9545
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Regular Expression Denial of Service in slug
Moderate
CVE-2017-16117
was published
for
slug
(npm)
Jul 24, 2018
Inefficient Regular Expression Complexity in Validator.js
Moderate
GHSA-xx4c-jj58-r7x6
was published
for
validator
(npm)
Nov 19, 2021
Infinite loop causing Denial of Service in colors
High
GHSA-5rqg-jm4f-cqx7
was published
for
Colors
(npm)
Jan 10, 2022
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
ProTip!
Advisories are also available from the
GraphQL API