Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Scrapy vulnerable to ReDoS via XMLFeedSpider High
CVE-2024-1892 was published for scrapy (pip) Feb 15, 2024
nicecatch2000 Credited to nicecatch2000
multipart vulnerable to ReDoS in `parse_options_header()` High
CVE-2026-28356 was published for multipart (pip) Mar 12, 2026
sharanxP Credited to sharanxP
Elysia has a string URL format ReDoS High
CVE-2026-30837 was published for elysia (npm) Mar 10, 2026
EdamAme-x Credited to EdamAme-x
Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery High
CVE-2026-30925 was published for parse-server (npm) Mar 10, 2026
TinkAnet Credited to TinkAnet and mtrezza mtrezza mtrezza
fast-xml-parser vulnerable to Regex Injection via Doctype Entities High
CVE-2023-34104 was published for fast-xml-parser (npm) Jun 6, 2023
7085 Credited to 7085 and levpachmanov levpachmanov levpachmanov
Regular Expression Denial of Service in semver High
CVE-2015-8855 was published for semver (npm) Oct 24, 2017
ljharb Credited to ljharb
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions High
CVE-2026-27904 was published for minimatch (npm) Feb 26, 2026
dolevmiz1 Credited to dolevmiz1
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern High
CVE-2026-26996 was published for minimatch (npm) Feb 18, 2026
AkshayJainG Credited to AkshayJainG, ljharb, G-Rath, thomas-schlein, isaacs, and SamanthaPersico ljharb ljharb
G-Rath G-Rath thomas-schlein thomas-schlein isaacs isaacs SamanthaPersico SamanthaPersico
@isaacs/brace-expansion has Uncontrolled Resource Consumption High
CVE-2026-25547 was published for @isaacs/brace-expansion (npm) Feb 3, 2026
Jvr2022 Credited to Jvr2022 and intrigus-lgtm intrigus-lgtm intrigus-lgtm
Apollo Serve vulnerable to Denial of Service with `startStandaloneServer` High
CVE-2026-23897 was published for @apollo/server (npm) Feb 4, 2026
ChALkeR Credited to ChALkeR
semver vulnerable to Regular Expression Denial of Service High
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
mrgrain Credited to mrgrain, G-Rath, and ljharb G-Rath G-Rath
ljharb ljharb
Regular Expression Denial of Service in simple-markdown High
CVE-2019-25103 was published for simple-markdown (npm) Feb 12, 2023
seroval affected by Denial of Service via RegExp serialization High
CVE-2026-23956 was published for seroval (npm) Jan 21, 2026
tweidinger Credited to tweidinger and lxsmnsyc lxsmnsyc lxsmnsyc
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability High
CVE-2026-0621 was published for @modelcontextprotocol/sdk (npm) Jan 5, 2026
Clashsoft Credited to Clashsoft
Fedify has ReDoS Vulnerability in HTML Parsing Regex High
CVE-2025-68475 was published for @fedify/fedify (npm) Dec 22, 2025
yueyueL Credited to yueyueL
mechanize Regular Expression Denial of Service vulnerability High
CVE-2021-32837 was published for mechanize (pip) Jan 18, 2023
mako is vulnerable to Regular Expression Denial of Service High
CVE-2022-40023 was published for mako (pip) Sep 16, 2022
Valibot has a ReDoS vulnerability in `EMOJI_REGEX` High
CVE-2025-66020 was published for valibot (npm) Nov 26, 2025
makenowjust Credited to makenowjust
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban Credited to jeran-urban and G-Rath G-Rath G-Rath
Django has regular expression denial of service vulnerability in EmailValidator/URLValidator High
CVE-2023-36053 was published for Django (pip) Jul 3, 2023
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-40897 was published for setuptools (pip) Dec 23, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer High
CVE-2022-23517 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah High
CVE-2022-23514 was published for loofah (RubyGems) Dec 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database