Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

268 advisories

Loading
Wagtail regular expression denial-of-service via search query parsing High
CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024
RealOrangeOne
Credited to RealOrangeOne
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing Moderate
CVE-2024-39316 was published for rack (RubyGems) Jul 3, 2024
dwisiswant0
Credited to dwisiswant0
ua-parser/uap-php ReDoS vulnerability Moderate
GHSA-78hm-5hjw-58mh was published for ua-parser/uap-php (Composer) Jun 7, 2024
Symfony vulnerable to denial of service via a malicious HTTP Host header High
CVE-2014-5244 was published for symfony/http-foundation (Composer) May 30, 2024
Regular Expression Denial of Service (ReDoS) in micromatch Moderate
CVE-2024-4067 was published for micromatch (npm) May 14, 2024
jagonalez cx-mario-teixeira
Credited to jagonalez and cx-mario-teixeira
TCPDF vulnerable to Regular Expression Denial of Service Moderate
CVE-2024-22640 was published for tecnickcom/tcpdf (Composer) Apr 19, 2024
Starfox64
Credited to Starfox64
Pydantic regular expression denial of service Moderate
CVE-2024-3772 was published for pydantic (pip) Apr 15, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
Credited to guidovranken
SheetJS Regular Expression Denial of Service (ReDoS) High
CVE-2024-22363 was published for xlsx (npm) Apr 5, 2024
kb-med
Credited to kb-med
domain-suffix RegEx Denial of Service High
CVE-2024-25354 was published for domain-suffix (npm) Mar 28, 2024
dsimk
Credited to dsimk
Black vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2024-21503 was published for black (pip) Mar 19, 2024
[TagAwareCipher] - Decryption Failure (Regex Match) Low
CVE-2024-28864 was published for ilicmiljan/secure-props (Composer) Mar 18, 2024
ilicmiljan
Credited to ilicmiljan
Denial of service via regular expression High
CVE-2024-28865 was published for wiki (pip) Mar 18, 2024
stsewd benjaoming
oscarmcm
Credited to stsewd, benjaoming, and oscarmcm
Regular expression denial-of-service in Django Moderate
CVE-2024-27351 was published for django (pip) Mar 15, 2024
MarkLee131
Credited to MarkLee131
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot
Credited to byroot
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov
Credited to SValkanov
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider High
GHSA-7c9g-vj9m-8pm6 was published for scrapy (pip) Feb 28, 2024 withdrawn
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov yoshizawa-masatoshi
postmodern
Credited to SValkanov, yoshizawa-masatoshi, and postmodern
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` Low
CVE-2024-27088 was published for es5-ext (npm) Feb 26, 2024
GAP-dev SCH227
Credited to GAP-dev and SCH227
Scrapy vulnerable to ReDoS via XMLFeedSpider High
CVE-2024-1892 was published for scrapy (pip) Feb 15, 2024
nicecatch2000
Credited to nicecatch2000
lambda-middleware Inefficient Regular Expression Complexity vulnerability Low
CVE-2021-4437 was published for @lambda-middleware/json-deserializer (npm) Feb 12, 2024
angular vulnerable to super-linear runtime due to backtracking High
CVE-2024-21490 was published for angular (Maven) Feb 10, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw
garyd203 levpachmanov
Credited to nicecatch2000, huonw, garyd203, and levpachmanov
nodemailer ReDoS when trying to send a specially crafted email Moderate
GHSA-9h6g-pr28-7cqp was published for nodemailer (npm) Jan 31, 2024
francoatmega dsimk
Credited to francoatmega and dsimk
ReDoS in Embedchain Moderate
CVE-2024-23732 was published for embedchain (pip) Jan 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database