Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Uncontrolled Resource Consumption in Apache DolphinScheduler High
CVE-2022-25598 was published for apache-dolphinscheduler (Maven) Mar 31, 2022
git-url-parse Regular Expression Denial of Service High
CVE-2023-32758 was published for git-url-parse (pip) May 15, 2023
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 Credited to nicecatch2000, huonw, garyd203, and levpachmanov huonw huonw
garyd203 garyd203 levpachmanov levpachmanov
Denial of service via regular expression High
CVE-2024-28865 was published for wiki (pip) Mar 18, 2024
stsewd Credited to stsewd, benjaoming, and oscarmcm benjaoming benjaoming
oscarmcm oscarmcm
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider High
GHSA-7c9g-vj9m-8pm6 was published for scrapy (pip) Feb 28, 2024 withdrawn
regular expression denial-of-service (ReDoS) in Bleach High
CVE-2020-6817 was published for bleach (pip) Mar 30, 2020
Django Regex Algorithmic Complexity Causes Denial of Service High
CVE-2009-3695 was published for Django (pip) May 2, 2022
Django ReDoS in validators.URLValidator High
CVE-2015-5145 was published for Django (pip) May 17, 2022
Django denial-of-service vulnerability in internationalized URLs High
CVE-2022-41323 was published for django (pip) Oct 16, 2022
sunSUNQ Credited to sunSUNQ
Regular Expression Denial of Service in flask-restx High
CVE-2021-32838 was published for flask-restx (pip) Sep 8, 2021
erik-krogh Credited to erik-krogh and yoff yoff yoff
Mistune vulnerable to catastrophic backtracking High
CVE-2022-34749 was published for mistune (pip) Jul 26, 2022
keysmashes Credited to keysmashes
NLTK Vulnerable to REDoS High
CVE-2021-3842 was published for nltk (pip) Jan 6, 2022
Regular Expression Denial of Service in Leo Editor High
CVE-2020-23478 was published for leo (pip) Sep 23, 2021
markdown2 Regular Expression Denial of Service High
CVE-2021-26813 was published for markdown2 (pip) Jun 2, 2021
NLTK Vulnerable to REDoS High
CVE-2021-3828 was published for nltk (pip) Sep 29, 2021
ReDoS issue in dparse High
CVE-2022-39280 was published for dparse (pip) Sep 27, 2022
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Wagtail regular expression denial-of-service via search query parsing High
CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024
RealOrangeOne Credited to RealOrangeOne
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS) High
CVE-2022-40898 was published for wheel (pip) Dec 23, 2022
H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint High
CVE-2024-10550 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix Credited to gelbphoenix
Withdrawn Advisory: ReDoS in py library when used with subversion High
CVE-2022-42969 was published for py (pip) Oct 16, 2022 withdrawn
The-Compiler Credited to The-Compiler and jwilk jwilk jwilk
copyparty allows Regex Denial of Service (ReDoS) in the upload listing High
CVE-2025-54796 was published for copyparty (pip) Aug 4, 2025
geraldino2 Credited to geraldino2
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki Credited to dhki and rennf93 rennf93 rennf93
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database