GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

186 advisories

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
Credited to jeran-urban and G-Rath
v8n vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-35923 was published for v8n (npm) Oct 7, 2022
Credited to doublevkay
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
react-native-reanimated vulnerable to ReDoS High
CVE-2022-24373 was published for react-native-reanimated (npm) Oct 1, 2022
Credited to tomekzaw, annaowens, and 1644152b6bb4a628d22d02bc1f865_microsoft
ReDoS issue in dparse High
CVE-2022-39280 was published for dparse (pip) Sep 27, 2022
steal Inefficient Regular Expression Complexity vulnerability via string variable High
CVE-2022-37259 was published for steal (npm) Sep 21, 2022
mako is vulnerable to Regular Expression Denial of Service High
CVE-2022-40023 was published for mako (pip) Sep 16, 2022
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments High
CVE-2022-37262 was published for steal (npm) Sep 16, 2022
steal vulnerable to Regular Expression Denial of Service via input variable High
CVE-2022-37260 was published for steal (npm) Sep 16, 2022
Polynomial regular expression used on uncontrolled data in nitrado.js High
CVE-2022-36034 was published for nitrado.js (npm) Aug 31, 2022
Sanitize-html Vulnerable To REDoS Attacks High
CVE-2022-25887 was published for sanitize-html (npm) Aug 31, 2022
Mistune vulnerable to catastrophic backtracking High
CVE-2022-34749 was published for mistune (pip) Jul 26, 2022
Credited to keysmashes
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service High
CVE-2021-35065 was published for glob-parent (npm) Jul 18, 2022
Credited to cowsrule, wejendorp, wwuck, paulmillr, and BGehrels
Terser insecure use of regular expressions leads to ReDoS High
CVE-2022-25858 was published for terser (npm) Jul 16, 2022
Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking High
CVE-2022-31781 was published for org.apache.tapestry:tapestry-core (Maven) Jul 14, 2022
Moment.js vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-31129 was published for Moment.js (npm) Jul 6, 2022
Credited to doublevkay
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method High
CVE-2022-31147 was published for jquery-validation (npm) Jul 5, 2022
Credited to erik-krogh, bytestream, and mthreer
Regular expression denial of service in scss-tokenizer High
CVE-2022-25758 was published for scss-tokenizer (npm) Jul 2, 2022
Credited to jhutchings1, G-Rath, and tomas-cerney
Regular expression denial of service in Delight Nashorn Sandbox High
CVE-2021-40660 was published for org.javadelight:delight-nashorn-sandbox (Maven) Jun 15, 2022
Credited to mxro
Regular expression denial of service in devcert High
CVE-2022-1929 was published for devcert (npm) Jun 3, 2022
Denial of Service Vulnerability in Rack Multipart Parsing High
CVE-2022-30122 was published for rack (RubyGems) May 27, 2022
Duplicate Advisory: ReDoS via crafted JSON input in GJSON High
CVE-2021-42248 was published for github.com/tidwall/gjson (Go) May 25, 2022 withdrawn
Uncontrolled Resource Consumption in Hawk High
CVE-2022-29167 was published for hawk (npm) May 23, 2022
Regular expression denial of service in Apache ShenYu High
CVE-2022-26650 was published for org.apache.shenyu:shenyu (Maven) May 18, 2022