GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,796
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
SheetJS Regular Expression Denial of Service (ReDoS)
High
CVE-2024-22363
was published
for
xlsx
(npm)
Apr 5, 2024
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Low
CVE-2024-27088
was published
for
es5-ext
(npm)
Feb 26, 2024
lambda-middleware Inefficient Regular Expression Complexity vulnerability
Low
CVE-2021-4437
was published
for
@lambda-middleware/json-deserializer
(npm)
Feb 12, 2024
angular vulnerable to super-linear runtime due to backtracking
High
CVE-2024-21490
was published
for
angular
(Maven)
Feb 10, 2024
nodemailer ReDoS when trying to send a specially crafted email
Moderate
GHSA-9h6g-pr28-7cqp
was published
for
nodemailer
(npm)
Jan 31, 2024
Sentry's Astro SDK vulnerable to ReDoS
High
CVE-2023-50249
was published
for
@sentry/astro
(npm)
Dec 18, 2023
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate
CVE-2023-48631
was published
for
@adobe/css-tools
(npm)
Nov 30, 2023
Inefficient Regular Expression Complexity in node-email-check
High
CVE-2023-39619
was published
for
node-email-check
(npm)
Oct 25, 2023
Zod denial of service vulnerability during email validation
High
GHSA-mvrp-3cvx-c325
was published
for
express-zod-api
(npm)
Oct 4, 2023
Chaijs/get-func-name vulnerable to ReDoS
High
CVE-2023-43646
was published
for
get-func-name
(npm)
Sep 27, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Moderate
CVE-2023-26364
was published
for
@adobe/css-tools
(npm)
Aug 29, 2023
MathJax Regular expression Denial of Service (ReDoS)
High
CVE-2023-39663
was published
for
mathjax
(npm)
Aug 29, 2023
is_js vulnerable to Regular Expression Denial of Service
High
CVE-2020-26302
was published
for
is_js
(npm)
Jul 6, 2023
word-wrap vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-26115
was published
for
word-wrap
(npm)
Jun 22, 2023
semver vulnerable to Regular Expression Denial of Service
Moderate
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
High
CVE-2023-34104
was published
for
fast-xml-parser
(npm)
Jun 6, 2023
angular vulnerable to regular expression denial of service via the $resource service
Moderate
CVE-2023-26117
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the angular.copy() utility
Moderate
CVE-2023-26116
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element
Moderate
CVE-2023-26118
was published
for
angular
(npm)
Mar 30, 2023
Regular Expression Denial of Service in Headers
High
CVE-2023-24807
was published
for
undici
(npm)
Feb 16, 2023
Regular Expression Denial of Service in simple-markdown
High
CVE-2019-25102
was published
for
simple-markdown
(npm)
Feb 12, 2023
Regular Expression Denial of Service in simple-markdown
High
CVE-2019-25103
was published
for
simple-markdown
(npm)
Feb 12, 2023
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
High
GHSA-8x6c-cv3v-vp6g
was published
for
cacheable-request
(npm)
Feb 11, 2023
•
withdrawn
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Moderate
CVE-2023-25166
was published
for
@sideway/formula
(npm)
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API