Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

339 advisories

Loading
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw
garyd203 levpachmanov
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` Low
CVE-2024-27088 was published for es5-ext (npm) Feb 26, 2024
GAP-dev SCH227
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
lambda-middleware Inefficient Regular Expression Complexity vulnerability Low
CVE-2021-4437 was published for @lambda-middleware/json-deserializer (npm) Feb 12, 2024
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov yoshizawa-masatoshi
postmodern
[TagAwareCipher] - Decryption Failure (Regex Match) Low
CVE-2024-28864 was published for ilicmiljan/secure-props (Composer) Mar 18, 2024
ilicmiljan
Denial of service via regular expression High
CVE-2024-28865 was published for wiki (pip) Mar 18, 2024
stsewd benjaoming
oscarmcm
MooTools Regular Expression Denial of Service High
CVE-2021-32821 was published for mootools (npm) Jan 3, 2023
anonymous4ACL24
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2... Moderate Unreviewed
CVE-2023-1894 was published May 5, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15... High Unreviewed
CVE-2023-2132 was published Jun 6, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15... High Unreviewed
CVE-2023-2199 was published Jun 7, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15... High Unreviewed
CVE-2023-2198 was published Jun 7, 2023
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1,... Moderate Unreviewed
CVE-2023-2232 was published Jun 28, 2023
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial... High Unreviewed
CVE-2023-32610 was published Jun 29, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15... High Unreviewed
CVE-2023-3424 was published Jul 13, 2023
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue... High Unreviewed
CVE-2023-39174 was published Jul 25, 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8,... High Unreviewed
CVE-2023-0632 was published Aug 2, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16... High Unreviewed
CVE-2023-3364 was published Aug 2, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0... High Unreviewed
CVE-2023-3994 was published Aug 2, 2023
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3... High Unreviewed
CVE-2023-40599 was published Aug 25, 2023
SheetJS Regular Expression Denial of Service (ReDoS) High
CVE-2024-22363 was published for xlsx (npm) Apr 5, 2024
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression... Moderate Unreviewed
CVE-2023-27704 was published Apr 12, 2023
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider High
GHSA-7c9g-vj9m-8pm6 was published for scrapy (pip) Feb 28, 2024 withdrawn
Regular Expression Denial Of Service in uri-js Moderate
CVE-2017-16021 was published for uri-js (npm) Jul 24, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database