Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,943
Erlang
29
GitHub Actions
16
Go
1,727
Maven
4,953
npm
3,485
NuGet
605
pip
3,052
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

212 advisories

Regular expression denial of service in apache tika Moderate
CVE-2022-30973 was published for org.apache.tika:tika-core (Maven) Jun 1, 2022
jkmartindale
Denial of Service Vulnerability in Rack Multipart Parsing High
CVE-2022-30122 was published for rack (RubyGems) May 27, 2022
Duplicate Advisory: ReDoS via crafted JSON input in GJSON High
CVE-2021-42248 was published for github.com/tidwall/gjson (Go) May 25, 2022 withdrawn
CKEditor 4 ReDoS Vulnerability Moderate
CVE-2021-26271 was published for ckeditor4-dev (npm) May 24, 2022
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin Moderate
CVE-2019-16555 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to... Moderate Unreviewed
CVE-2019-16215 was published May 24, 2022
Uncontrolled Resource Consumption in Hawk High
CVE-2022-29167 was published for hawk (npm) May 23, 2022
Regular expression denial of service in url_regex Moderate
CVE-2022-21195 was published for url_regex (pip) May 21, 2022
Regular expression denial of service in Apache ShenYu High
CVE-2022-26650 was published for org.apache.shenyu:shenyu (Maven) May 18, 2022
Django ReDoS in validators.URLValidator High
CVE-2015-5145 was published for django (pip) May 17, 2022
Regular expression denial of service in apache tika Moderate
CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
Django Regex Algorithmic Complexity Causes Denial of Service Moderate
CVE-2009-3695 was published for Django (pip) May 2, 2022
Spring Framework Inefficient Regular Expression Complexity Moderate
CVE-2009-1190 was published for org.springframework:spring-core (Maven) May 2, 2022
Nokogiri Inefficient Regular Expression Complexity High
CVE-2022-24836 was published for nokogiri (RubyGems) Apr 11, 2022
ooooooo-q
Uncontrolled Resource Consumption in Apache DolphinScheduler High
CVE-2022-25598 was published for apache-dolphinscheduler (Maven) Mar 31, 2022
Rust's regex crate vulnerable to regular expression denial of service High
CVE-2022-24713 was published for regex (Rust) Mar 8, 2022
addisoncrump
Inefficient Regular Expression Complexity in marked High
CVE-2022-21681 was published for marked (npm) Jan 14, 2022
makenowjust
Inefficient Regular Expression Complexity in marked High
CVE-2022-21680 was published for marked (npm) Jan 14, 2022
makenowjust
Uncontrolled Resource Consumption in markdown-it Moderate
CVE-2022-21670 was published for markdown-it (npm) Jan 12, 2022
makenowjust
NLTK Vulnerable to REDoS High
CVE-2021-3842 was published for nltk (pip) Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (npm) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki
ReDos vulnerability on guest checkout email validation High
CVE-2021-43805 was published for solidus_core (RubyGems) Dec 7, 2021
agustingianni nickrolfe
ReDoS in LDAP schema parser Moderate
GHSA-r8wq-qrxc-hmcm was published for python-ldap (pip) Nov 29, 2021
ProTip! Advisories are also available from the GraphQL API