Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,617
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

268 advisories

Loading
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement Moderate
CVE-2025-27220 was published for cgi (RubyGems) Mar 3, 2025
REXML ReDoS vulnerability Moderate
CVE-2024-49761 was published for rexml (RubyGems) Oct 28, 2024
angular vulnerable to super-linear runtime due to backtracking High
CVE-2024-21490 was published for angular (Maven) Feb 10, 2024
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
angular vulnerable to regular expression denial of service via the angular.copy() utility Moderate
CVE-2023-26116 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service Moderate
CVE-2023-26117 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element Moderate
CVE-2023-26118 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
Regular Expression Denial of Service in is-my-json-valid High
CVE-2016-2537 was published for is-my-json-valid (npm) Oct 24, 2017
shaked-seal
Credited to shaked-seal
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath timtheguy-bs
Credited to G-Rath and timtheguy-bs
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability Low
CVE-2025-61581 was published for github.com/apache/trafficcontrol/v8 (Go) Oct 16, 2025
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-10624 was published for gradio (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
Credited to guidovranken
Sinatra is vulnerable to ReDoS through ETag header value generation Low
CVE-2025-61921 was published for sinatra (RubyGems) Oct 10, 2025
dentarg
Credited to dentarg
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki rennf93
Credited to dhki and rennf93
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale G-Rath levpachmanov
Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity High
CVE-2025-58451 was published for cattown (npm) Sep 9, 2025
cai0duque
Credited to cai0duque
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
cai0duque
Credited to cai0duque
SheetJS Regular Expression Denial of Service (ReDoS) High
CVE-2024-22363 was published for xlsx (npm) Apr 5, 2024
kb-med
Credited to kb-med
Hugging Face Transformers library has Regular Expression Denial of Service Moderate
CVE-2025-6051 was published for transformers (pip) Sep 14, 2025
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer Moderate
CVE-2025-6638 was published for transformers (pip) Sep 12, 2025
Inefficient Regular Expression Complexity in Liferay Portal High
CVE-2022-42124 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
nodemailer ReDoS when trying to send a specially crafted email Moderate
GHSA-9h6g-pr28-7cqp was published for nodemailer (npm) Jan 31, 2024
francoatmega dsimk
Credited to francoatmega and dsimk
useragent Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26311 was published for useragent (npm) Oct 26, 2024
dsimk
Credited to dsimk
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database