
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern High
CVE-2026-26996 was published for minimatch (npm) Feb 18, 2026
Credited to AkshayJainG, ljharb, G-Rath, thomas-schlein, isaacs, and SamanthaPersico
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion High
CVE-2025-15284 was published for qs (npm) Dec 30, 2025
Credited to samipmainali and ljharb
Axios is vulnerable to DoS attack through lack of data size check High
CVE-2025-58754 was published for axios (npm) Sep 11, 2025
Credited to AmeerAssadi, FeBe95, and ljharb
Mongoose search injection vulnerability High
CVE-2024-53900 was published for mongoose (npm) Dec 2, 2024
Credited to balles, skrtheboss, and ljharb
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack High
CVE-2023-46234 was published for browserify-sign (npm) Oct 26, 2023
Credited to roadicing, ljharb, and katzj
semver vulnerable to Regular Expression Denial of Service High
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
Credited to mrgrain, G-Rath, and ljharb
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
Credited to ljharb