Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

119 advisories

Loading
git-url-parse Regular Expression Denial of Service High
CVE-2023-32758 was published for git-url-parse (pip) May 15, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service High
GHSA-xr9w-x6gw-c9mj was published for deno (Rust) Feb 25, 2023 withdrawn
Regular Expression Denial of Service in Headers High
CVE-2023-24807 was published for undici (npm) Feb 16, 2023
sno2
Regular Expression Denial of Service in simple-markdown High
CVE-2019-25102 was published for simple-markdown (npm) Feb 12, 2023
Regular Expression Denial of Service in simple-markdown High
CVE-2019-25103 was published for simple-markdown (npm) Feb 12, 2023
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service High
GHSA-8x6c-cv3v-vp6g was published for cacheable-request (npm) Feb 11, 2023 withdrawn
is-url Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25079 was published for is-url (npm) Feb 4, 2023
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
petruki tdunlap607
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
mechanize Regular Expression Denial of Service vulnerability High
CVE-2021-32837 was published for mechanize (pip) Jan 18, 2023
skeemas Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25074 was published for skeemas (npm) Jan 11, 2023
PapaParse Inefficient Regular Expression Complexity vulnerability High
CVE-2020-36649 was published for papaparse (npm) Jan 11, 2023
Luxon Inefficient Regular Expression Complexity vulnerability High
CVE-2023-22467 was published for luxon (npm) Jan 9, 2023
skrtheboss remi-san
makkes canderson-activatecare rpastro cmp831
debug Inefficient Regular Expression Complexity vulnerability High
CVE-2017-20165 was published for debug (npm) Jan 9, 2023
HvB
terminal-kit Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4306 was published for terminal-kit (npm) Jan 7, 2023
robots-txt-guard Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4305 was published for robots-txt-guard (npm) Jan 5, 2023
MooTools Regular Expression Denial of Service High
CVE-2021-32821 was published for mootools (npm) Jan 3, 2023
anonymous4ACL24
string-kit Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4299 was published for string-kit (npm) Jan 2, 2023
rgb2hex vulnerable to inefficient regular expression complexity High
CVE-2018-25061 was published for rgb2hex (npm) Dec 31, 2022
markdown-it vulnerable to Inefficient Regular Expression Complexity High
CVE-2015-10005 was published for markdown-it (npm) Dec 27, 2022
email-existence Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25049 was published for email-existence (npm) Dec 27, 2022
ProTip! Advisories are also available from the GraphQL API