Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,893
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
path-to-regexp contains a ReDoS High
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
goshop4eva dloetzke
Credited to blakeembrey, ctcpip, goshop4eva, and dloetzke
basic-auth-connect's callback uses time unsafe string comparison High
CVE-2024-47178 was published for basic-auth-connect (npm) Sep 30, 2024
UlisesGascon ctcpip
AdamKorcz blakeembrey
Credited to UlisesGascon, ctcpip, AdamKorcz, and blakeembrey
find-my-way has a ReDoS vulnerability in multiparametric routes High
CVE-2024-45813 was published for find-my-way (npm) Sep 18, 2024
blakeembrey mcollina
sealonohana
Credited to blakeembrey, mcollina, and sealonohana
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey ctcpip
uniabis stbenjam pseudoralph mschfh jusemon panva alenovik jaydeep-bypt
Credited to blakeembrey, ctcpip, uniabis, stbenjam, pseudoralph, mschfh, jusemon, panva, alenovik, and jaydeep-bypt
Express.js Open Redirect in malformed URLs Moderate
CVE-2024-29041 was published for express (npm) Mar 25, 2024
FDrag0n jonchurch
blakeembrey wesleytodd ruddermann ctcpip UlisesGascon
Credited to FDrag0n, jonchurch, blakeembrey, wesleytodd, ruddermann, ctcpip, and UlisesGascon
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database