GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
212 advisories
Filter by severity
steal Inefficient Regular Expression Complexity vulnerability via string variable
High
CVE-2022-37259
was published
for
steal
(npm)
Sep 21, 2022
mako is vulnerable to Regular Expression Denial of Service
High
CVE-2022-40023
was published
for
mako
(pip)
Sep 16, 2022
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
High
CVE-2022-37262
was published
for
steal
(npm)
Sep 16, 2022
steal vulnerable to Regular Expression Denial of Service via input variable
High
CVE-2022-37260
was published
for
steal
(npm)
Sep 16, 2022
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS)...
High
Unreviewed
CVE-2022-29158
was published
Sep 3, 2022
Polynomial regular expression used on uncontrolled data in nitrado.js
High
CVE-2022-36034
was published
for
nitrado.js
(npm)
Aug 31, 2022
Sanitize-html Vulnerable To REDoS Attacks
High
CVE-2022-25887
was published
for
sanitize-html
(npm)
Aug 31, 2022
uri-template-lite Regular Expression Denial of Service
Moderate
CVE-2021-43309
was published
for
uri-template-lite
(npm)
Aug 25, 2022
Regular expression denial of service in eth-account
Moderate
CVE-2022-1930
was published
for
eth-account
(pip)
Aug 23, 2022
node-fetch Inefficient Regular Expression Complexity
Moderate
CVE-2022-2596
was published
for
node-fetch
(npm)
Aug 2, 2022
Mistune vulnerable to catastrophic backtracking
High
CVE-2022-34749
was published
for
mistune
(pip)
Jul 26, 2022
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
High
CVE-2021-35065
was published
for
glob-parent
(npm)
Jul 18, 2022
Terser insecure use of regular expressions leads to ReDoS
High
CVE-2022-25858
was published
for
terser
(npm)
Jul 16, 2022
Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking
High
CVE-2022-31781
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Jul 14, 2022
Moment.js vulnerable to Inefficient Regular Expression Complexity
High
CVE-2022-31129
was published
for
Moment.js
(npm)
Jul 6, 2022
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
High
CVE-2022-31147
was published
for
jquery-validation
(npm)
Jul 5, 2022
Regular expression denial of service in scss-tokenizer
High
CVE-2022-25758
was published
for
scss-tokenizer
(npm)
Jul 2, 2022
Denial of Service (DoS) vulnerability in RSSHub
Moderate
CVE-2022-31110
was published
for
rsshub
(npm)
Jun 23, 2022
Denial of Service in python-ldap
Moderate
CVE-2021-46823
was published
for
python-ldap
(pip)
Jun 19, 2022
Regular expression denial of service in Delight Nashorn Sandbox
High
CVE-2021-40660
was published
for
org.javadelight:delight-nashorn-sandbox
(Maven)
Jun 15, 2022
Regular expression denial of service in devcert
High
CVE-2022-1929
was published
for
devcert
(npm)
Jun 3, 2022
Regular expression denial of service in markdown-link-extractor
Low
CVE-2021-43308
was published
for
markdown-link-extractor
(npm)
Jun 3, 2022
Regular expression denial of service in semver-regex
Low
CVE-2021-43307
was published
for
semver-regex
(npm)
Jun 3, 2022
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jQuery.Validation
(npm)
Jun 3, 2022
ProTip!
Advisories are also available from the
GraphQL API