GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
198 advisories
Filter by severity
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
Denial of service via multipart parsing in Rack
Low
CVE-2022-44572
was published
for
rack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in GlobalID
Low
CVE-2023-22799
was published
for
globalid
(RubyGems)
Jan 18, 2023
cookiejar Regular Expression Denial of Service via Cookie.parse function
Moderate
CVE-2022-25901
was published
for
cookiejar
(Maven)
Jan 18, 2023
mel-spintax has Inefficient Regular Expression Complexity
Moderate
CVE-2018-25077
was published
for
mel-spintax
(npm)
Jan 18, 2023
mechanize Regular Expression Denial of Service vulnerability
High
CVE-2021-32837
was published
for
mechanize
(pip)
Jan 18, 2023
Sisimai Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2022-4891
was published
for
sisimai
(RubyGems)
Jan 17, 2023
PapaParse Inefficient Regular Expression Complexity vulnerability
High
CVE-2020-36649
was published
for
papaparse
(npm)
Jan 11, 2023
skeemas Inefficient Regular Expression Complexity vulnerability
High
CVE-2018-25074
was published
for
skeemas
(npm)
Jan 11, 2023
Luxon Inefficient Regular Expression Complexity vulnerability
High
CVE-2023-22467
was published
for
luxon
(npm)
Jan 9, 2023
debug Inefficient Regular Expression Complexity vulnerability
High
CVE-2017-20165
was published
for
debug
(npm)
Jan 9, 2023
terminal-kit Inefficient Regular Expression Complexity vulnerability
High
CVE-2021-4306
was published
for
terminal-kit
(npm)
Jan 7, 2023
Vercel ms Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2017-20162
was published
for
ms
(npm)
Jan 5, 2023
robots-txt-guard Inefficient Regular Expression Complexity vulnerability
High
CVE-2021-4305
was published
for
robots-txt-guard
(npm)
Jan 5, 2023
MooTools Regular Expression Denial of Service
High
CVE-2021-32821
was published
for
mootools
(npm)
Jan 3, 2023
string-kit Inefficient Regular Expression Complexity vulnerability
High
CVE-2021-4299
was published
for
string-kit
(npm)
Jan 2, 2023
rgb2hex vulnerable to inefficient regular expression complexity
High
CVE-2018-25061
was published
for
rgb2hex
(npm)
Dec 31, 2022
email-existence Inefficient Regular Expression Complexity vulnerability
High
CVE-2018-25049
was published
for
email-existence
(npm)
Dec 27, 2022
markdown-it vulnerable to Inefficient Regular Expression Complexity
High
CVE-2015-10005
was published
for
markdown-it
(npm)
Dec 27, 2022
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
High
CVE-2022-40898
was published
for
wheel
(pip)
Dec 23, 2022
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-40897
was published
for
setuptools
(pip)
Dec 23, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer
High
CVE-2022-23517
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah
High
CVE-2022-23514
was published
for
loofah
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in Liferay Portal
High
CVE-2022-42124
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2022-42965
was published
for
snowflake-connector-python
(pip)
Nov 10, 2022
ProTip!
Advisories are also available from the
GraphQL API