Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

269 advisories

Loading
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing Moderate
CVE-2024-39316 was published for rack (RubyGems) Jul 3, 2024
dwisiswant0
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
Permissive Regular Expression in tacquito High
GHSA-p5wf-cmr4-xrwr was published for github.com/facebookincubator/tacquito (Go) Oct 18, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text Moderate
CVE-2024-47888 was published for actiontext (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in block_format in Action Mailer Moderate
CVE-2024-47889 was published for actionmailer (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller Moderate
CVE-2024-47887 was published for actionpack (RubyGems) Oct 15, 2024
useragent Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26311 was published for useragent (npm) Oct 26, 2024
REXML ReDoS vulnerability Moderate
CVE-2024-49761 was published for rexml (RubyGems) Oct 28, 2024
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header... Moderate Unreviewed
CVE-2024-50574 was published Oct 28, 2024
nope-validator Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26309 was published for nope-validator (npm) Oct 26, 2024
validate.js Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26308 was published for validate.js (npm) Oct 26, 2024
Knwl.js Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26306 was published for knwl.js (npm) Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26305 was published for commonregex (npm) Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26304 was published for foundation-sites (npm) Oct 26, 2024
insane vulnerable to Regular Expression Denial of Service Moderate
CVE-2020-26303 was published for insane (npm) Oct 26, 2024
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-30608 was published for sqlparse (pip) Apr 21, 2023
erik-krogh
HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available... High Unreviewed
CVE-2020-26307 was published Oct 26, 2024
Validate.js provides a declarative way of validating javascript objects. All versions as of 30... High Unreviewed
CVE-2020-26310 was published Oct 26, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function Low
CVE-2024-9506 was published for vue (npm) Oct 15, 2024
m3t3kh4n
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-40897 was published for setuptools (pip) Dec 23, 2022
ReDoS in py library when used with subversion High
CVE-2022-42969 was published for py (pip) Oct 16, 2022
The-Compiler jwilk
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email.... High Unreviewed
CVE-2024-48938 was published Oct 11, 2024
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:... Moderate Unreviewed
CVE-2023-3446 was published Jul 19, 2023
fast-xml-parser vulnerable to ReDOS at currency parsing High
CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024
Gauss-Security amitguptagwl
iamvolvo aaron-belenky
xhtml2pdf Denial of Service via crafted string Moderate
CVE-2024-25885 was published for xhtml2pdf (pip) Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database