Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,614
NuGet
638
pip
3,225
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
Insecure Comparison in secure-compare High
CVE-2015-9238 was published for secure-compare (npm) Jun 3, 2019
tdunlap607
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11071 was published for slpjs (npm) May 12, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11072 was published for slp-validate (npm) May 12, 2020
False-positive validity for NFT1 genesis transactions in SLPJS Critical
CVE-2020-15130 was published for slpjs (npm) Jul 30, 2020
False-positive validity for NFT1 genesis transactions Critical
CVE-2020-15131 was published for slp-validate (npm) Jul 30, 2020
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
Incorrect Regular Expression in RestSharp High
CVE-2021-27293 was published for RestSharp (NuGet) Jul 14, 2021
Regular expression denial of service in react-native High
CVE-2020-1920 was published for react-native (npm) Jul 20, 2021
Incorrect Comparison in sodiumoxide Critical
CVE-2019-25002 was published for sodiumoxide (Rust) Aug 25, 2021
ruuda
Inefficient Regular Expression Complexity in chalk/ansi-regex High
CVE-2021-3807 was published for ansi-regex (npm) Sep 20, 2021
MylesBorins cji-stripe
G-Rath
Inefficient Regular Expression Complexity in vuelidate High
CVE-2021-3794 was published for @vuelidate/validators (npm) Sep 20, 2021
madcatone
Regular Expression Denial of Service in Leo Editor High
CVE-2020-23478 was published for leo (pip) Sep 23, 2021
NLTK Vulnerable to REDoS High
CVE-2021-3828 was published for nltk (pip) Sep 29, 2021
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
github.com/tidwall/gjson Vulnerable to REDoS attack High
CVE-2021-42836 was published for github.com/tidwall/gjson (Go) Oct 25, 2021
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an... High Unreviewed
CVE-2021-23146 was published Nov 19, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14... Moderate Unreviewed
CVE-2021-39917 was published Dec 14, 2021
Incorrect Comparison in NumPy Moderate
CVE-2021-34141 was published for numpy (pip) Dec 18, 2021
An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows... High Unreviewed
CVE-2021-44078 was published Dec 27, 2021
Incorrect Comparison in cvxopt High
CVE-2021-41500 was published for cvxopt (pip) Jan 7, 2022
A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using... Moderate Unreviewed
CVE-2021-40562 was published Jan 13, 2022
A limited authentication bypass vulnerability was discovered that could allow an attacker to... High Unreviewed
CVE-2022-22990 was published Jan 14, 2022
On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12... Moderate Unreviewed
CVE-2022-23027 was published Jan 26, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2021-34865 was published Jan 26, 2022
ProTip! Advisories are also available from the GraphQL API