GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
119 advisories
Filter by severity
git-url-parse Regular Expression Denial of Service
High
CVE-2023-32758
was published
for
git-url-parse
(pip)
May 15, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
High
GHSA-xr9w-x6gw-c9mj
was published
for
deno
(Rust)
Feb 25, 2023
•
withdrawn
Regular Expression Denial of Service in Headers
High
CVE-2023-24807
was published
for
undici
(npm)
Feb 16, 2023
Regular Expression Denial of Service in simple-markdown
High
CVE-2019-25102
was published
for
simple-markdown
(npm)
Feb 12, 2023
Regular Expression Denial of Service in simple-markdown
High
CVE-2019-25103
was published
for
simple-markdown
(npm)
Feb 12, 2023
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
High
GHSA-8x6c-cv3v-vp6g
was published
for
cacheable-request
(npm)
Feb 11, 2023
•
withdrawn
is-url Inefficient Regular Expression Complexity vulnerability
High
CVE-2018-25079
was published
for
is-url
(npm)
Feb 4, 2023
Switcher Client contains Regular Expression Denial of Service (ReDoS)
High
CVE-2023-23925
was published
for
switcher-client
(npm)
Feb 2, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
ReDoS Vulnerability in ua-parser-js version
High
CVE-2022-25927
was published
for
ua-parser-js
(npm)
Jan 24, 2023
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
mechanize Regular Expression Denial of Service vulnerability
High
CVE-2021-32837
was published
for
mechanize
(pip)
Jan 18, 2023
skeemas Inefficient Regular Expression Complexity vulnerability
High
CVE-2018-25074
was published
for
skeemas
(npm)
Jan 11, 2023
PapaParse Inefficient Regular Expression Complexity vulnerability
High
CVE-2020-36649
was published
for
papaparse
(npm)
Jan 11, 2023
Luxon Inefficient Regular Expression Complexity vulnerability
High
CVE-2023-22467
was published
for
luxon
(npm)
Jan 9, 2023
debug Inefficient Regular Expression Complexity vulnerability
High
CVE-2017-20165
was published
for
debug
(npm)
Jan 9, 2023
terminal-kit Inefficient Regular Expression Complexity vulnerability
High
CVE-2021-4306
was published
for
terminal-kit
(npm)
Jan 7, 2023
robots-txt-guard Inefficient Regular Expression Complexity vulnerability
High
CVE-2021-4305
was published
for
robots-txt-guard
(npm)
Jan 5, 2023
MooTools Regular Expression Denial of Service
High
CVE-2021-32821
was published
for
mootools
(npm)
Jan 3, 2023
string-kit Inefficient Regular Expression Complexity vulnerability
High
CVE-2021-4299
was published
for
string-kit
(npm)
Jan 2, 2023
rgb2hex vulnerable to inefficient regular expression complexity
High
CVE-2018-25061
was published
for
rgb2hex
(npm)
Dec 31, 2022
markdown-it vulnerable to Inefficient Regular Expression Complexity
High
CVE-2015-10005
was published
for
markdown-it
(npm)
Dec 27, 2022
email-existence Inefficient Regular Expression Complexity vulnerability
High
CVE-2018-25049
was published
for
email-existence
(npm)
Dec 27, 2022
ProTip!
Advisories are also available from the
GraphQL API