GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
min-document vulnerable to prototype pollution
Low
CVE-2025-57352
was published
for
min-document
(npm)
Sep 24, 2025
glob CLI: Command injection via -c/--cmd executes matches with shell:true
High
CVE-2025-64756
was published
for
glob
(npm)
Nov 17, 2025
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
High
CVE-2022-44566
was published
for
activerecord
(RubyGems)
Jan 18, 2023
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
Low
CVE-2026-24001
was published
for
diff
(npm)
Jan 14, 2026
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
High
CVE-2026-26996
was published
for
minimatch
(npm)
Feb 18, 2026
ajv has ReDoS when using `$data` option
Moderate
CVE-2025-69873
was published
for
ajv
(npm)
Feb 11, 2026
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
Parcel has an Origin Validation Error vulnerability
Moderate
CVE-2025-56648
was published
for
@parcel/reporter-dev-server
(npm)
Sep 17, 2025
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
Moderate
CVE-2026-55602
was published
for
http-proxy-middleware
(npm)
Jun 18, 2026
Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
High
CVE-2026-54297
was published
for
faraday
(RubyGems)
Jun 19, 2026
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
Moderate
CVE-2026-53550
was published
for
js-yaml
(npm)
Jun 15, 2026
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty
(Maven)
Oct 11, 2019
ProTip!
Advisories are also available from the
GraphQL API