Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service Moderate
CVE-2026-40074 was published for @sveltejs/kit (npm) Apr 10, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github
Cube Core is vulnerable to Denial of Service (DoS) via crafted request Moderate
CVE-2026-25957 was published for @cubejs-backend/server-core (npm) Feb 10, 2026
ovr Credited to ovr
Volto affected by possible DoS by invoking specific URL by anonymous user High
CVE-2025-58047 was published for @plone/volto (npm) Aug 28, 2025
React Router allows a DoS via cache poisoning by forcing SPA mode High
CVE-2025-43864 was published for react-router (npm) Apr 24, 2025
cold-try Credited to cold-try
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to Moderate
CVE-2024-39691 was published for matrix-appservice-irc (npm) Jul 5, 2024
progval Credited to progval
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed High
CVE-2024-32652 was published for @hono/node-server (npm) Apr 19, 2024
Unauthenticated Denial of Service in the octokit/webhooks library High
CVE-2023-50728 was published for @octokit/app (npm) Dec 16, 2023
Directus crashes on invalid WebSocket message High
CVE-2023-45820 was published for directus (npm) Oct 19, 2023
nles Credited to nles
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit Moderate
CVE-2022-41777 was published for nadesiko3 (npm) Dec 5, 2022
Directus vulnerable to unhandled exception on illegal filename_disk value Moderate
CVE-2022-36031 was published for directus (npm) Aug 30, 2022
wgorecki Credited to wgorecki
Uncaught Exception in engine.io High
CVE-2022-21676 was published for engine.io (npm) Jan 13, 2022
marwej Credited to marwej
Denial of Service in soketi High
CVE-2022-21667 was published for @soketi/soketi (npm) Jan 8, 2022
Uncontrolled Resource Consumption in transpile Moderate
CVE-2021-23429 was published for transpile (npm) Sep 2, 2021
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy Credited to mstniy
Improper Handling of Exceptional Conditions in detect-character-encoding High
CVE-2021-39157 was published for detect-character-encoding (npm) Aug 25, 2021
Improper exception handling in Aedes High
CVE-2020-13410 was published for aedes (npm) May 6, 2021
Denial of Service (DoS) in restify-paginate High
CVE-2020-27543 was published for restify-paginate (npm) Apr 12, 2021
Denial of Service in axios High
CVE-2019-10742 was published for axios (npm) May 29, 2019
tdunlap607 Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database