Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
multipart vulnerable to ReDoS in `parse_options_header()` High
CVE-2026-28356 was published for multipart (pip) Mar 12, 2026
sharanxP Credited to sharanxP
Elysia has a string URL format ReDoS High
CVE-2026-30837 was published for elysia (npm) Mar 10, 2026
EdamAme-x Credited to EdamAme-x
Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery High
CVE-2026-30925 was published for parse-server (npm) Mar 10, 2026
TinkAnet Credited to TinkAnet and mtrezza mtrezza mtrezza
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions High
CVE-2026-27904 was published for minimatch (npm) Feb 26, 2026
dolevmiz1 Credited to dolevmiz1
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern High
CVE-2026-26996 was published for minimatch (npm) Feb 18, 2026
AkshayJainG Credited to AkshayJainG, ljharb, G-Rath, thomas-schlein, isaacs, and SamanthaPersico ljharb ljharb
G-Rath G-Rath thomas-schlein thomas-schlein isaacs isaacs SamanthaPersico SamanthaPersico
Apollo Serve vulnerable to Denial of Service with `startStandaloneServer` High
CVE-2026-23897 was published for @apollo/server (npm) Feb 4, 2026
ChALkeR Credited to ChALkeR
@isaacs/brace-expansion has Uncontrolled Resource Consumption High
CVE-2026-25547 was published for @isaacs/brace-expansion (npm) Feb 3, 2026
Jvr2022 Credited to Jvr2022 and intrigus-lgtm intrigus-lgtm intrigus-lgtm
seroval affected by Denial of Service via RegExp serialization High
CVE-2026-23956 was published for seroval (npm) Jan 21, 2026
tweidinger Credited to tweidinger and lxsmnsyc lxsmnsyc lxsmnsyc
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability High
CVE-2026-0621 was published for @modelcontextprotocol/sdk (npm) Jan 5, 2026
Clashsoft Credited to Clashsoft
Fedify has ReDoS Vulnerability in HTML Parsing Regex High
CVE-2025-68475 was published for @fedify/fedify (npm) Dec 22, 2025
yueyueL Credited to yueyueL
Valibot has a ReDoS vulnerability in `EMOJI_REGEX` High
CVE-2025-66020 was published for valibot (npm) Nov 26, 2025
makenowjust Credited to makenowjust
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
cai0duque Credited to cai0duque
copyparty allows Regex Denial of Service (ReDoS) in the upload listing High
CVE-2025-54796 was published for copyparty (pip) Aug 4, 2025
geraldino2 Credited to geraldino2
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix Credited to gelbphoenix
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki Credited to dhki and rennf93 rennf93 rennf93
H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint High
CVE-2024-10550 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-10624 was published for gradio (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory High
CVE-2025-25283 was published for parse-duration (npm) Feb 12, 2025
lirantal Credited to lirantal
path-to-regexp contains a ReDoS High
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey Credited to blakeembrey, ctcpip, goshop4eva, and dloetzke ctcpip ctcpip
goshop4eva goshop4eva dloetzke dloetzke
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity High
CVE-2024-10270 was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024
AdamKorcz Credited to AdamKorcz
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm Credited to rozeskjm and G-Rath G-Rath G-Rath
Permissive Regular Expression in tacquito High
GHSA-p5wf-cmr4-xrwr was published for github.com/facebookincubator/tacquito (Go) Oct 18, 2024
find-my-way has a ReDoS vulnerability in multiparametric routes High
CVE-2024-45813 was published for find-my-way (npm) Sep 18, 2024
blakeembrey Credited to blakeembrey, mcollina, and sealonohana mcollina mcollina
sealonohana sealonohana
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm Credited to eslerm and cure53 cure53 cure53
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database