Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
Regular Expression Denial of Service in clean-css Low
GHSA-wxhq-pm8v-cw75 was published for clean-css (npm) Jun 5, 2019
G-Rath Credited to G-Rath
Regular Expression Denial of Service in marked Low
GHSA-ch52-vgq2-943f was published for marked (npm) Sep 3, 2020
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki Credited to hieki
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jquery-validation (npm) Jun 3, 2022
klaudialax Credited to klaudialax and amita-seal amita-seal amita-seal
Regular expression denial of service in semver-regex Low
CVE-2021-43307 was published for semver-regex (npm) Jun 3, 2022
Regular expression denial of service in markdown-link-extractor Low
CVE-2021-43308 was published for markdown-link-extractor (npm) Jun 3, 2022
lambda-middleware Inefficient Regular Expression Complexity vulnerability Low
CVE-2021-4437 was published for @lambda-middleware/json-deserializer (npm) Feb 12, 2024
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` Low
CVE-2024-27088 was published for es5-ext (npm) Feb 26, 2024
GAP-dev Credited to GAP-dev and SCH227 SCH227 SCH227
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function Low
CVE-2024-9506 was published for vue (npm) Oct 15, 2024
m3t3kh4n Credited to m3t3kh4n
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk Credited to mariancorneci-snyk, SuperMaxine, and MikuroXina SuperMaxine SuperMaxine
MikuroXina MikuroXina
@mozilla/readability Denial of Service through Regex Low
CVE-2025-2792 was published for @mozilla/readability (npm) Mar 26, 2025
pm2 Regular Expression Denial of Service vulnerability Low
CVE-2025-5891 was published for pm2 (npm) Jun 9, 2025
mhassan1 Credited to mhassan1
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser Low
GHSA-xffm-g5w8-qvg7 was published for @eslint/plugin-kit (npm) Jul 18, 2025
ericcornelissen Credited to ericcornelissen and Qix- Qix- Qix-
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch Low
CVE-2026-24001 was published for diff (npm) Jan 14, 2026
guiyi-he Credited to guiyi-he, ExplodingCabbage, G-Rath, and CraigHammondDexcom ExplodingCabbage ExplodingCabbage
G-Rath G-Rath CraigHammondDexcom CraigHammondDexcom
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database