Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

186 advisories

Loading
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm Credited to rozeskjm and G-Rath G-Rath G-Rath
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity High
CVE-2024-10270 was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024
AdamKorcz Credited to AdamKorcz
path-to-regexp contains a ReDoS High
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey Credited to blakeembrey, ctcpip, goshop4eva, and dloetzke ctcpip ctcpip
goshop4eva goshop4eva dloetzke dloetzke
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote... High Unreviewed
CVE-2024-41766 was published Jan 4, 2025
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows... High Unreviewed
CVE-2024-46242 was published Jan 7, 2025
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory High
CVE-2025-25283 was published for parse-duration (npm) Feb 12, 2025
lirantal Credited to lirantal
H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint High
CVE-2024-10550 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-10624 was published for gradio (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular... High Unreviewed
CVE-2024-7779 was published Mar 20, 2025
A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute... High Unreviewed
CVE-2024-8764 was published Mar 20, 2025
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service ... High Unreviewed
CVE-2024-8789 was published Mar 20, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary... High Unreviewed
CVE-2024-8763 was published Mar 20, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version... High Unreviewed
CVE-2024-8998 was published Mar 20, 2025
Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport... High Unreviewed
CVE-2023-0881 was published Mar 31, 2025
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker... High Unreviewed
CVE-2024-13926 was published Apr 19, 2025
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki Credited to dhki and rennf93 rennf93 rennf93
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix Credited to gelbphoenix
copyparty allows Regex Denial of Service (ReDoS) in the upload listing High
CVE-2025-54796 was published for copyparty (pip) Aug 4, 2025
geraldino2 Credited to geraldino2
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of... High Unreviewed
CVE-2025-33090 was published Aug 18, 2025
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
cai0duque Credited to cai0duque
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10... High Unreviewed
CVE-2025-62484 was published Nov 13, 2025
Valibot has a ReDoS vulnerability in `EMOJI_REGEX` High
CVE-2025-66020 was published for valibot (npm) Nov 26, 2025
makenowjust Credited to makenowjust
Fedify has ReDoS Vulnerability in HTML Parsing Regex High
CVE-2025-68475 was published for @fedify/fedify (npm) Dec 22, 2025
yueyueL Credited to yueyueL
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability High
CVE-2026-0621 was published for @modelcontextprotocol/sdk (npm) Jan 5, 2026
Clashsoft Credited to Clashsoft
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database