Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

286 advisories

Loading
Foundation Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26304 was published for foundation-sites (npm) Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26305 was published for commonregex (npm) Oct 26, 2024
insane vulnerable to Regular Expression Denial of Service Moderate
CVE-2020-26303 was published for insane (npm) Oct 26, 2024
Permissive Regular Expression in tacquito High
GHSA-p5wf-cmr4-xrwr was published for github.com/facebookincubator/tacquito (Go) Oct 18, 2024
Possible ReDoS vulnerability in block_format in Action Mailer Moderate
CVE-2024-47889 was published for actionmailer (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text Moderate
CVE-2024-47888 was published for actiontext (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller Moderate
CVE-2024-47887 was published for actionpack (RubyGems) Oct 15, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function Low
CVE-2024-9506 was published for vue (npm) Oct 15, 2024
m3t3kh4n Credited to m3t3kh4n
xhtml2pdf Denial of Service via crafted string Moderate
CVE-2024-25885 was published for xhtml2pdf (pip) Oct 8, 2024
Inefficient Regular Expression Complexity in langflow Moderate
CVE-2024-9277 was published for langflow (pip) Sep 27, 2024
m3t3kh4n Credited to m3t3kh4n
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
weddige Credited to weddige
find-my-way has a ReDoS vulnerability in multiparametric routes High
CVE-2024-45813 was published for find-my-way (npm) Sep 18, 2024
blakeembrey Credited to blakeembrey, mcollina, and sealonohana mcollina mcollina
sealonohana sealonohana
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm Credited to eslerm and cure53 cure53 cure53
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey Credited to blakeembrey, ctcpip, uniabis, stbenjam, pseudoralph, mschfh, jusemon, panva, alenovik, and jaydeep-bypt ctcpip ctcpip
uniabis uniabis stbenjam stbenjam pseudoralph pseudoralph mschfh mschfh jusemon jusemon panva panva alenovik alenovik jaydeep-bypt jaydeep-bypt
ReDoS in urlregex Moderate
CVE-2020-36830 was published for urlregex (npm) Sep 2, 2024
Django vulnerable to denial-of-service attack Moderate
CVE-2024-41991 was published for Django (pip) Aug 7, 2024
fast-xml-parser vulnerable to ReDOS at currency parsing High
CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024
Gauss-Security Credited to Gauss-Security, amitguptagwl, iamvolvo, and aaron-belenky amitguptagwl amitguptagwl
iamvolvo iamvolvo aaron-belenky aaron-belenky
(ReDoS) Regular Expression Denial of Service in tf2-item-format High
CVE-2024-41655 was published for tf2-item-format (npm) Jul 23, 2024
piman51277 Credited to piman51277
Wagtail regular expression denial-of-service via search query parsing High
CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024
RealOrangeOne Credited to RealOrangeOne
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing Moderate
CVE-2024-39316 was published for rack (RubyGems) Jul 3, 2024
dwisiswant0 Credited to dwisiswant0
ua-parser/uap-php ReDoS vulnerability Moderate
GHSA-78hm-5hjw-58mh was published for ua-parser/uap-php (Composer) Jun 7, 2024
Symfony vulnerable to denial of service via a malicious HTTP Host header High
CVE-2014-5244 was published for symfony/http-foundation (Composer) May 30, 2024
Regular Expression Denial of Service (ReDoS) in micromatch Moderate
CVE-2024-4067 was published for micromatch (npm) May 14, 2024
jagonalez Credited to jagonalez and cx-mario-teixeira cx-mario-teixeira cx-mario-teixeira
TCPDF vulnerable to Regular Expression Denial of Service Moderate
CVE-2024-22640 was published for tecnickcom/tcpdf (Composer) Apr 19, 2024
Starfox64 Credited to Starfox64
Pydantic regular expression denial of service Moderate
CVE-2024-3772 was published for pydantic (pip) Apr 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database