Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

150 advisories

Loading
OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction Moderate
CVE-2026-22178 was published for openclaw (npm) Mar 2, 2026
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to... Moderate Unreviewed
CVE-2019-16215 was published May 24, 2022
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot Credited to byroot
ajv has ReDoS when using `$data` option Moderate
CVE-2025-69873 was published for ajv (npm) Feb 11, 2026
epoberezkin Credited to epoberezkin, G-Rath, and wayne530 G-Rath G-Rath
wayne530 wayne530
Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in... Moderate Unreviewed
CVE-2026-26936 was published Feb 26, 2026
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
sunnypatell Credited to sunnypatell
mel-spintax has Inefficient Regular Expression Complexity Moderate
CVE-2018-25077 was published for mel-spintax (npm) Jan 18, 2023
sunnypatell Credited to sunnypatell
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25285 was published for @octokit/endpoint (npm) Feb 14, 2025
guiyi-he Credited to guiyi-he and G-Rath G-Rath G-Rath
markdown-it is has a Regular Expression Denial of Service (ReDoS) Moderate
CVE-2026-2327 was published for markdown-it (npm) Feb 12, 2026
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25290 was published for @octokit/request (npm) Feb 14, 2025
guiyi-he Credited to guiyi-he and MaikelvandenHurk-TomTom MaikelvandenHurk-TomTom MaikelvandenHurk-TomTom
tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2026-22809 was published for tarteaucitronjs (npm) Jan 13, 2026
Yasha-ops Credited to Yasha-ops
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki -... Moderate Unreviewed
CVE-2026-0668 was published Jan 7, 2026
fastapi-guard is vulnerable to ReDoS through inefficient regex Moderate
CVE-2025-53539 was published for fastapi-guard (pip) Jul 7, 2025
Cycloctane Credited to Cycloctane and rennf93 rennf93 rennf93
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability... Moderate Unreviewed
CVE-2025-5342 was published Oct 30, 2025
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken Credited to guidovranken
Regular expression denial-of-service in Django Moderate
CVE-2024-27351 was published for django (pip) Mar 15, 2024
MarkLee131 Credited to MarkLee131
Django vulnerable to denial-of-service attack Moderate
CVE-2024-41991 was published for Django (pip) Aug 7, 2024
TCPDF vulnerable to Regular Expression Denial of Service Moderate
CVE-2024-22640 was published for tecnickcom/tcpdf (Composer) Apr 19, 2024
Starfox64 Credited to Starfox64
URI gem has ReDoS vulnerability Moderate
CVE-2023-36617 was published for uri (RubyGems) Jun 29, 2023
jasnow Credited to jasnow and maxfelsher-cgi maxfelsher-cgi maxfelsher-cgi
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-30608 was published for sqlparse (pip) Apr 21, 2023
erik-krogh Credited to erik-krogh
Vercel ms Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2017-20162 was published for ms (npm) Jan 5, 2023
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement Moderate
CVE-2025-27220 was published for cgi (RubyGems) Mar 3, 2025
REXML ReDoS vulnerability Moderate
CVE-2024-49761 was published for rexml (RubyGems) Oct 28, 2024
angular vulnerable to regular expression denial of service via the angular.copy() utility Moderate
CVE-2023-26116 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service Moderate
CVE-2023-26117 was published for angular (npm) Mar 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database