Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

186 advisories

Loading
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-40897 was published for setuptools (pip) Dec 23, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer High
CVE-2022-23517 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah High
CVE-2022-23514 was published for loofah (RubyGems) Dec 13, 2022
Moment.js vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-31129 was published for Moment.js (npm) Jul 6, 2022
doublevkay Credited to doublevkay
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed... High Unreviewed
CVE-2024-6232 was published Sep 3, 2024
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard... High Unreviewed
CVE-2024-7592 was published Aug 19, 2024
angular vulnerable to super-linear runtime due to backtracking High
CVE-2024-21490 was published for angular (Maven) Feb 10, 2024
Regular Expression Denial of Service in is-my-json-valid High
CVE-2016-2537 was published for is-my-json-valid (npm) Oct 24, 2017
shaked-seal Credited to shaked-seal
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath Credited to G-Rath and timtheguy-bs timtheguy-bs timtheguy-bs
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-10624 was published for gradio (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute... High Unreviewed
CVE-2024-8764 was published Mar 20, 2025
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service ... High Unreviewed
CVE-2024-8789 was published Mar 20, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary... High Unreviewed
CVE-2024-8763 was published Mar 20, 2025
A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular... High Unreviewed
CVE-2024-7779 was published Mar 20, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of... High Unreviewed
CVE-2024-6038 was published Jun 27, 2024
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki Credited to dhki and rennf93 rennf93 rennf93
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
cai0duque Credited to cai0duque
SheetJS Regular Expression Denial of Service (ReDoS) High
CVE-2024-22363 was published for xlsx (npm) Apr 5, 2024
kb-med Credited to kb-med
Inefficient Regular Expression Complexity in Liferay Portal High
CVE-2022-42124 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
domain-suffix RegEx Denial of Service High
CVE-2024-25354 was published for domain-suffix (npm) Mar 28, 2024
dsimk Credited to dsimk
Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport... High Unreviewed
CVE-2023-0881 was published Mar 31, 2025
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of... High Unreviewed
CVE-2025-33090 was published Aug 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database