GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
270 advisories
Filter by severity
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of...
High
Unreviewed
CVE-2024-21538
was published
Nov 8, 2024
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header...
Moderate
Unreviewed
CVE-2024-50574
was published
Oct 28, 2024
useragent Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26311
was published
for
useragent
(npm)
Oct 26, 2024
HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available...
High
Unreviewed
CVE-2020-26307
was published
Oct 26, 2024
Validate.js provides a declarative way of validating javascript objects. All versions as of 30...
High
Unreviewed
CVE-2020-26310
was published
Oct 26, 2024
Knwl.js Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26306
was published
for
knwl.js
(npm)
Oct 26, 2024
nope-validator Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26309
was published
for
nope-validator
(npm)
Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26304
was published
for
foundation-sites
(npm)
Oct 26, 2024
validate.js Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26308
was published
for
validate.js
(npm)
Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26305
was published
for
commonregex
(npm)
Oct 26, 2024
insane vulnerable to Regular Expression Denial of Service
Moderate
CVE-2020-26303
was published
for
insane
(npm)
Oct 26, 2024
Permissive Regular Expression in tacquito
High
GHSA-p5wf-cmr4-xrwr
was published
for
github.com/facebookincubator/tacquito
(Go)
Oct 18, 2024
Possible ReDoS vulnerability in block_format in Action Mailer
Moderate
CVE-2024-47889
was published
for
actionmailer
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Moderate
CVE-2024-47888
was published
for
actiontext
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Moderate
CVE-2024-47887
was published
for
actionpack
(RubyGems)
Oct 15, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Low
CVE-2024-9506
was published
for
vue
(npm)
Oct 15, 2024
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email....
High
Unreviewed
CVE-2024-48938
was published
Oct 11, 2024
xhtml2pdf Denial of Service via crafted string
Moderate
CVE-2024-25885
was published
for
xhtml2pdf
(pip)
Oct 8, 2024
Inefficient Regular Expression Complexity in langflow
Moderate
CVE-2024-9277
was published
for
langflow
(pip)
Sep 27, 2024
Spring Framework DoS via conditional HTTP request
Moderate
CVE-2024-38809
was published
for
org.springframework:spring-web
(Maven)
Sep 24, 2024
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7...
High
Unreviewed
CVE-2024-8124
was published
Sep 12, 2024
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
ProTip!
Advisories are also available from the
GraphQL API