Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

378 advisories

Loading
mechanize Regular Expression Denial of Service vulnerability High
CVE-2021-32837 was published for mechanize (pip) Jan 18, 2023
mel-spintax has Inefficient Regular Expression Complexity Moderate
CVE-2018-25077 was published for mel-spintax (npm) Jan 18, 2023
sunnypatell Credited to sunnypatell
cookiejar Regular Expression Denial of Service via Cookie.parse function Moderate
CVE-2022-25901 was published for cookiejar (Maven) Jan 18, 2023
sno2 Credited to sno2
ReDoS based DoS vulnerability in GlobalID Low
CVE-2023-22799 was published for globalid (RubyGems) Jan 18, 2023
tdunlap607 Credited to tdunlap607
Denial of service via multipart parsing in Rack Low
CVE-2022-44572 was published for rack (RubyGems) Jan 18, 2023
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22795 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01, esparta, and levpachmanov esparta esparta
levpachmanov levpachmanov
ReDoS based DoS vulnerability in Active Support's underscore Low
CVE-2023-22796 was published for activesupport (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01, postmodern, and G-Rath postmodern postmodern
G-Rath G-Rath
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01 and postmodern postmodern postmodern
Denial of Service Vulnerability in Rack Content-Disposition parsing Low
CVE-2022-44571 was published for rack (RubyGems) Jan 18, 2023
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath Credited to G-Rath and timtheguy-bs timtheguy-bs timtheguy-bs
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607 Credited to tdunlap607
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
petruki Credited to petruki and tdunlap607 tdunlap607 tdunlap607
is-url Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25079 was published for is-url (npm) Feb 4, 2023
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability Moderate
CVE-2023-25166 was published for @sideway/formula (npm) Feb 8, 2023
sno2 Credited to sno2
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service High
GHSA-8x6c-cv3v-vp6g was published for cacheable-request (npm) Feb 11, 2023 withdrawn
Regular Expression Denial of Service in simple-markdown High
CVE-2019-25103 was published for simple-markdown (npm) Feb 12, 2023
Regular Expression Denial of Service in simple-markdown High
CVE-2019-25102 was published for simple-markdown (npm) Feb 12, 2023
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic.... High Unreviewed
CVE-2020-36661 was published Feb 12, 2023
Regular Expression Denial of Service in Headers High
CVE-2023-24807 was published for undici (npm) Feb 16, 2023
sno2 Credited to sno2
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of... High Unreviewed
CVE-2021-32848 was published Feb 20, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service High
GHSA-xr9w-x6gw-c9mj was published for deno (Rust) Feb 25, 2023 withdrawn
angular vulnerable to regular expression denial of service via the <input type="url"> element Moderate
CVE-2023-26118 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the angular.copy() utility Moderate
CVE-2023-26116 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service Moderate
CVE-2023-26117 was published for angular (npm) Mar 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database