GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,792
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Transformers vulnerable to ReDoS attack through its get_imports() function
Moderate
CVE-2025-3264
was published
for
transformers
(pip)
Jul 7, 2025
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking
Moderate
CVE-2025-3263
was published
for
transformers
(pip)
Jul 7, 2025
Transformers vulnerable to ReDoS attack through its SETTING_RE variable
Moderate
CVE-2025-3262
was published
for
transformers
(pip)
Jul 7, 2025
fastapi-guard is vulnerable to ReDoS through inefficient regex
Moderate
CVE-2025-53539
was published
for
fastapi-guard
(pip)
Jul 7, 2025
PowSyBl Core contains Polynomial REDoS’es
Moderate
CVE-2025-48058
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
Moderate
CVE-2025-48887
was published
for
vllm
(pip)
May 28, 2025
vLLM vulnerable to Regular Expression Denial of Service
Moderate
GHSA-j828-28rj-hfhp
was published
for
vllm
(pip)
May 28, 2025
Marked allows Regular Expression Denial of Service (ReDoS) attacks
Moderate
CVE-2018-25110
was published
for
marked
(npm)
May 23, 2025
Hugging Face Transformers Regular Expression Denial of Service
Moderate
CVE-2025-2099
was published
for
transformers
(pip)
May 19, 2025
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
Moderate
CVE-2025-46560
was published
for
vllm
(pip)
Apr 29, 2025
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
Moderate
CVE-2025-1194
was published
for
transformers
(pip)
Apr 29, 2025
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
Moderate
CVE-2025-27789
was published
for
@babel/helpers
(npm)
Mar 11, 2025
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2022-42966
was published
for
cleo
(pip)
Nov 10, 2022
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
GHSA-hx7h-9vf7-5xhg
was published
for
uptime-kuma
(npm)
Mar 31, 2025
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
Moderate
CVE-2024-12720
was published
for
transformers
(pip)
Mar 20, 2025
Uptime Kuma ReDoS vulnerability
Moderate
CVE-2025-26042
was published
for
uptime-kuma
(npm)
Mar 17, 2025
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
Moderate
CVE-2025-27220
was published
for
cgi
(RubyGems)
Mar 3, 2025
Spring Framework DoS via conditional HTTP request
Moderate
CVE-2024-38809
was published
for
org.springframework:spring-web
(Maven)
Sep 24, 2024
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
angular vulnerable to regular expression denial of service via the angular.copy() utility
Moderate
CVE-2023-26116
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service
Moderate
CVE-2023-26117
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element
Moderate
CVE-2023-26118
was published
for
angular
(npm)
Mar 30, 2023
ProTip!
Advisories are also available from the
GraphQL API