GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
Moderate
CVE-2026-48147
was published
for
@budibase/backend-core
(npm)
Jun 12, 2026
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
Moderate
CVE-2026-47674
was published
for
hono
(npm)
Jun 4, 2026
OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
High
GHSA-jccr-rrw2-vc8h
was published
for
openclaw
(npm)
Mar 31, 2026
SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize()
High
CVE-2026-33418
was published
for
@dicebear/converter
(npm)
Mar 20, 2026
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Moderate
CVE-2026-3419
was published
for
fastify
(npm)
Mar 5, 2026
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Critical
CVE-2026-25896
was published
for
fast-xml-parser
(npm)
Feb 20, 2026
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Moderate
CVE-2026-24398
was published
for
hono
(npm)
Jan 27, 2026
parse-uri Regular expression Denial of Service (ReDoS)
Moderate
CVE-2024-36751
was published
for
parse-uri
(npm)
Jan 16, 2025
Regular Expression Denial of Service in papaparse
High
CVE-2020-36649
was published
for
papaparse
(npm)
Sep 4, 2020
Duplicate Advisory: Regular Expression Denial of Service in braces
Low
GHSA-g95f-p29q-9xw4
was published
for
braces
(npm)
Jun 6, 2019
•
withdrawn
uap-core Regular Expression Denial of Service issue
Moderate
CVE-2018-20164
was published
for
uap-core
(npm)
Mar 6, 2019
Regular Expression Denial of Service in sshpk
High
CVE-2018-3737
was published
for
sshpk
(npm)
Aug 15, 2018
ProTip!
Advisories are also available from the
GraphQL API