Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
Elysia has a string URL format ReDoS High
CVE-2026-30837 was published for elysia (npm) Mar 10, 2026
EdamAme-x Credited to EdamAme-x
Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery High
CVE-2026-30925 was published for parse-server (npm) Mar 10, 2026
TinkAnet Credited to TinkAnet and mtrezza mtrezza mtrezza
OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction Moderate
GHSA-c6hr-w26q-c636 was published for openclaw (npm) Mar 2, 2026
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions High
CVE-2026-27904 was published for minimatch (npm) Feb 26, 2026
dolevmiz1 Credited to dolevmiz1
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern High
CVE-2026-26996 was published for minimatch (npm) Feb 18, 2026
AkshayJainG Credited to AkshayJainG, ljharb, G-Rath, thomas-schlein, isaacs, and SamanthaPersico ljharb ljharb
G-Rath G-Rath thomas-schlein thomas-schlein isaacs isaacs SamanthaPersico SamanthaPersico
markdown-it is has a Regular Expression Denial of Service (ReDoS) Moderate
CVE-2026-2327 was published for markdown-it (npm) Feb 12, 2026
ajv has ReDoS when using `$data` option Moderate
CVE-2025-69873 was published for ajv (npm) Feb 11, 2026
epoberezkin Credited to epoberezkin, G-Rath, and wayne530 G-Rath G-Rath
wayne530 wayne530
Apollo Serve vulnerable to Denial of Service with `startStandaloneServer` High
CVE-2026-23897 was published for @apollo/server (npm) Feb 4, 2026
ChALkeR Credited to ChALkeR
@isaacs/brace-expansion has Uncontrolled Resource Consumption High
CVE-2026-25547 was published for @isaacs/brace-expansion (npm) Feb 3, 2026
Jvr2022 Credited to Jvr2022 and intrigus-lgtm intrigus-lgtm intrigus-lgtm
seroval affected by Denial of Service via RegExp serialization High
CVE-2026-23956 was published for seroval (npm) Jan 21, 2026
tweidinger Credited to tweidinger and lxsmnsyc lxsmnsyc lxsmnsyc
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch Low
CVE-2026-24001 was published for diff (npm) Jan 14, 2026
guiyi-he Credited to guiyi-he, ExplodingCabbage, G-Rath, and CraigHammondDexcom ExplodingCabbage ExplodingCabbage
G-Rath G-Rath CraigHammondDexcom CraigHammondDexcom
tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2026-22809 was published for tarteaucitronjs (npm) Jan 13, 2026
Yasha-ops Credited to Yasha-ops
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability High
CVE-2026-0621 was published for @modelcontextprotocol/sdk (npm) Jan 5, 2026
Clashsoft Credited to Clashsoft
Fedify has ReDoS Vulnerability in HTML Parsing Regex High
CVE-2025-68475 was published for @fedify/fedify (npm) Dec 22, 2025
yueyueL Credited to yueyueL
Valibot has a ReDoS vulnerability in `EMOJI_REGEX` High
CVE-2025-66020 was published for valibot (npm) Nov 26, 2025
makenowjust Credited to makenowjust
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
cai0duque Credited to cai0duque
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser Low
GHSA-xffm-g5w8-qvg7 was published for @eslint/plugin-kit (npm) Jul 18, 2025
ericcornelissen Credited to ericcornelissen and Qix- Qix- Qix-
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
taro-css-to-react-native Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
pm2 Regular Expression Denial of Service vulnerability Low
CVE-2025-5891 was published for pm2 (npm) Jun 9, 2025
mhassan1 Credited to mhassan1
Marked allows Regular Expression Denial of Service (ReDoS) attacks Moderate
CVE-2018-25110 was published for marked (npm) May 23, 2025
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-26042 was published for uptime-kuma (npm) Mar 31, 2025
guiyi-he Credited to guiyi-he
@mozilla/readability Denial of Service through Regex Low
CVE-2025-2792 was published for @mozilla/readability (npm) Mar 26, 2025
Duplicate Advisory: Uptime Kuma ReDoS vulnerability Moderate
GHSA-3rw8-4xrq-3f7p was published for uptime-kuma (npm) Mar 17, 2025 withdrawn
marcschaeferger Credited to marcschaeferger
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database