GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to...
High
Unreviewed
CVE-2024-5552
was published
Jun 6, 2024
Symfony vulnerable to denial of service via a malicious HTTP Host header
High
CVE-2014-5244
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The...
High
Unreviewed
CVE-2024-4067
was published
May 14, 2024
SheetJS Regular Expression Denial of Service (ReDoS)
High
CVE-2024-22363
was published
for
xlsx
(npm)
Apr 5, 2024
Denial of service via regular expression
High
CVE-2024-28865
was published
for
wiki
(pip)
Mar 18, 2024
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider
High
GHSA-7c9g-vj9m-8pm6
was published
for
scrapy
(pip)
Feb 28, 2024
•
withdrawn
Scrapy vulnerable to ReDoS via XMLFeedSpider
High
CVE-2024-1892
was published
for
scrapy
(pip)
Feb 15, 2024
angular vulnerable to super-linear runtime due to backtracking
High
CVE-2024-21490
was published
for
angular
(Maven)
Feb 10, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS
High
GHSA-qf9m-vfgh-m389
was published
for
fastapi
(pip)
Feb 5, 2024
•
withdrawn
Sentry's Astro SDK vulnerable to ReDoS
High
CVE-2023-50249
was published
for
@sentry/astro
(npm)
Dec 18, 2023
Inefficient Regular Expression Complexity in git-urls
High
CVE-2023-46402
was published
for
github.com/whilp/git-urls
(Go)
Nov 18, 2023
Inefficient Regular Expression Complexity in node-email-check
High
CVE-2023-39619
was published
for
node-email-check
(npm)
Oct 25, 2023
Zod denial of service vulnerability during email validation
High
GHSA-mvrp-3cvx-c325
was published
for
express-zod-api
(npm)
Oct 4, 2023
Chaijs/get-func-name vulnerable to ReDoS
High
CVE-2023-43646
was published
for
get-func-name
(npm)
Sep 27, 2023
MathJax Regular expression Denial of Service (ReDoS)
High
CVE-2023-39663
was published
for
mathjax
(npm)
Aug 29, 2023
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3...
High
Unreviewed
CVE-2023-40599
was published
Aug 25, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0...
High
Unreviewed
CVE-2023-3994
was published
Aug 2, 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8,...
High
Unreviewed
CVE-2023-0632
was published
Aug 2, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16...
High
Unreviewed
CVE-2023-3364
was published
Aug 2, 2023
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue...
High
Unreviewed
CVE-2023-39174
was published
Jul 25, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15...
High
Unreviewed
CVE-2023-3424
was published
Jul 13, 2023
is_js vulnerable to Regular Expression Denial of Service
High
CVE-2020-26302
was published
for
is_js
(npm)
Jul 6, 2023
Django has regular expression denial of service vulnerability in EmailValidator/URLValidator
High
CVE-2023-36053
was published
for
Django
(pip)
Jul 3, 2023
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial...
High
Unreviewed
CVE-2023-32610
was published
Jun 29, 2023
urlnorm vulnerable to Regular Expression Denial of Service
High
CVE-2023-33289
was published
for
urlnorm
(Rust)
Jun 21, 2023
ProTip!
Advisories are also available from the
GraphQL API