GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
ReDOS vulnerabities: multiple grammars
Moderate
GHSA-7wwv-vh3v-89cq
was published
for
@highlightjs/cdn-assets
(npm)
Dec 4, 2020
Regular Expression Denial-of-Service in npm schema-inspector
High
CVE-2021-21267
was published
for
schema-inspector
(npm)
Mar 19, 2021
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
High
CVE-2022-31147
was published
for
jquery-validation
(npm)
Jul 5, 2022
Node-Redis potential exponential regex in monitor mode
High
CVE-2021-29469
was published
for
redis
(npm)
Apr 27, 2021
DOM-based cross-site scripting in Froala Editor
Moderate
CVE-2019-19935
was published
for
froala-editor
(npm)
Feb 10, 2022
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values
Moderate
CVE-2021-21412
was published
for
@thi.ng/egf
(npm)
Apr 6, 2021
Command injection vulnerability in @prisma/sdk in getPackedPackage function
High
CVE-2021-21414
was published
for
@prisma/sdk
(npm)
Apr 6, 2021
Passing in a non-string 'html' argument can lead to unsanitized output
Moderate
CVE-2021-32696
was published
for
striptags
(npm)
Jun 18, 2021
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
High
CVE-2021-43785
was published
for
@joeattardi/emoji-button
(npm)
Dec 1, 2021
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
Moderate
CVE-2019-11003
was published
for
@materializecss/materialize
(npm)
Apr 9, 2019
Regular Expression Denial of Service in jquery-validation
High
CVE-2021-21252
was published
for
jQuery.Validation
(npm)
Jan 13, 2021
Apprise vulnerable to regex injection with IFTTT Plugin
High
CVE-2021-39229
was published
for
apprise
(pip)
Sep 20, 2021
Regular Expression Denial of Service in flask-restx
High
CVE-2021-32838
was published
for
flask-restx
(pip)
Sep 8, 2021
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
High
CVE-2021-32839
was published
for
sqlparse
(pip)
Sep 10, 2021
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-30608
was published
for
sqlparse
(pip)
Apr 21, 2023
ProTip!
Advisories are also available from the
GraphQL API