Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Regular expression denial of service in markdown-link-extractor Low
CVE-2021-43308 was published for markdown-link-extractor (npm) Jun 3, 2022
Regular Expression Denial of Service in clean-css Low
GHSA-wxhq-pm8v-cw75 was published for clean-css (npm) Jun 5, 2019
G-Rath Credited to G-Rath
Regular Expression Denial of Service in marked Low
GHSA-ch52-vgq2-943f was published for marked (npm) Sep 3, 2020
Regular expression denial of service in semver-regex Low
CVE-2021-43307 was published for semver-regex (npm) Jun 3, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki Credited to hieki
ReDoS based DoS vulnerability in Active Support's underscore Low
CVE-2023-22796 was published for activesupport (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01, postmodern, and G-Rath postmodern postmodern
G-Rath G-Rath
ReDoS based DoS vulnerability in GlobalID Low
CVE-2023-22799 was published for globalid (RubyGems) Jan 18, 2023
tdunlap607 Credited to tdunlap607
Denial of service via multipart parsing in Rack Low
CVE-2022-44572 was published for rack (RubyGems) Jan 18, 2023
Denial of Service Vulnerability in Rack Content-Disposition parsing Low
CVE-2022-44571 was published for rack (RubyGems) Jan 18, 2023
git-url-parse crate vulnerable to Regular Expression Denial of Service Low
CVE-2023-33290 was published for git-url-parse (Rust) Jun 12, 2023
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov Credited to SValkanov
lambda-middleware Inefficient Regular Expression Complexity vulnerability Low
CVE-2021-4437 was published for @lambda-middleware/json-deserializer (npm) Feb 12, 2024
[TagAwareCipher] - Decryption Failure (Regex Match) Low
CVE-2024-28864 was published for ilicmiljan/secure-props (Composer) Mar 18, 2024
ilicmiljan Credited to ilicmiljan
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function Low
CVE-2024-9506 was published for vue (npm) Oct 15, 2024
m3t3kh4n Credited to m3t3kh4n
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jquery-validation (npm) Jun 3, 2022
klaudialax Credited to klaudialax and amita-seal amita-seal amita-seal
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk Credited to mariancorneci-snyk, SuperMaxine, and MikuroXina SuperMaxine SuperMaxine
MikuroXina MikuroXina
configobj ReDoS exploitable by developer using values in a server-side configuration file Low
CVE-2023-26112 was published for configobj (pip) Apr 3, 2023
timothestoifl24 Credited to timothestoifl24
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01 and postmodern postmodern postmodern
@mozilla/readability Denial of Service through Regex Low
CVE-2025-2792 was published for @mozilla/readability (npm) Mar 26, 2025
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22795 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01, esparta, and levpachmanov esparta esparta
levpachmanov levpachmanov
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion Low
CVE-2025-48059 was published for com.powsybl:powsybl-contingency-api (Maven) Jun 19, 2025
arthurscchan Credited to arthurscchan, AdamKorcz, rolnico, and olperr1 AdamKorcz AdamKorcz
rolnico rolnico olperr1 olperr1
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser Low
GHSA-xffm-g5w8-qvg7 was published for @eslint/plugin-kit (npm) Jul 18, 2025
ericcornelissen Credited to ericcornelissen and Qix- Qix- Qix-
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54363 was published for knack (pip) Aug 20, 2025 withdrawn
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54364 was published for knack (pip) Aug 20, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database