GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
119 advisories
Filter by severity
Regular Expression Denial of Service in flask-restx
High
CVE-2021-32838
was published
for
flask-restx
(pip)
Sep 8, 2021
Django has regular expression denial of service vulnerability in EmailValidator/URLValidator
High
CVE-2023-36053
was published
for
Django
(pip)
Jul 3, 2023
Django denial-of-service vulnerability in internationalized URLs
High
CVE-2022-41323
was published
for
django
(pip)
Oct 16, 2022
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
Django ReDoS in validators.URLValidator
High
CVE-2015-5145
was published
for
Django
(pip)
May 17, 2022
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
Django Regex Algorithmic Complexity Causes Denial of Service
High
CVE-2009-3695
was published
for
Django
(pip)
May 2, 2022
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
fast-xml-parser vulnerable to ReDOS at currency parsing
High
CVE-2024-41818
was published
for
fast-xml-parser
(npm)
Jul 29, 2024
regular expression denial-of-service (ReDoS) in Bleach
High
CVE-2020-6817
was published
for
bleach
(pip)
Mar 30, 2020
domain-suffix RegEx Denial of Service
High
CVE-2024-25354
was published
for
domain-suffix
(npm)
Mar 28, 2024
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
(ReDoS) Regular Expression Denial of Service in tf2-item-format
High
CVE-2024-41655
was published
for
tf2-item-format
(npm)
Jul 23, 2024
Regular Expression Denial of Service in ms
High
CVE-2015-8315
was published
for
ms
(npm)
Oct 24, 2017
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-40897
was published
for
setuptools
(pip)
Dec 23, 2022
Symfony vulnerable to denial of service via a malicious HTTP Host header
High
CVE-2014-5244
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
angular vulnerable to super-linear runtime due to backtracking
High
CVE-2024-21490
was published
for
angular
(Maven)
Feb 10, 2024
Duplicate Advisory: ReDoS via crafted JSON input in GJSON
High
CVE-2021-42248
was published
for
github.com/tidwall/gjson
(Go)
May 25, 2022
•
withdrawn
Sanitize-html Vulnerable To REDoS Attacks
High
CVE-2022-25887
was published
for
sanitize-html
(npm)
Aug 31, 2022
kangax html-minifier REDoS vulnerability
High
CVE-2022-37620
was published
for
html-minifier
(npm)
Oct 31, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
Regular Expression Denial of Service in remarkable
High
CVE-2019-12041
was published
for
remarkable
(npm)
Jun 6, 2019
Scrapy vulnerable to ReDoS via XMLFeedSpider
High
CVE-2024-1892
was published
for
scrapy
(pip)
Feb 15, 2024
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider
High
GHSA-7c9g-vj9m-8pm6
was published
for
scrapy
(pip)
Feb 28, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API