Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,114
Maven
5,000+
npm
5,000+
NuGet
826
pip
4,428
Pub
12
RubyGems
988
Rust
1,171
Swift
50
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
ajv has ReDoS when using `$data` option Moderate
CVE-2025-69873 was published for ajv (npm) Feb 11, 2026
epoberezkin Credited to epoberezkin, G-Rath, and wayne530 G-Rath G-Rath
wayne530 wayne530
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern High
CVE-2026-26996 was published for minimatch (npm) Feb 18, 2026
AkshayJainG Credited to AkshayJainG, ljharb, G-Rath, thomas-schlein, isaacs, and SamanthaPersico ljharb ljharb
G-Rath G-Rath thomas-schlein thomas-schlein isaacs isaacs SamanthaPersico SamanthaPersico
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25285 was published for @octokit/endpoint (npm) Feb 14, 2025
guiyi-he Credited to guiyi-he and G-Rath G-Rath G-Rath
semver vulnerable to Regular Expression Denial of Service High
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
mrgrain Credited to mrgrain, G-Rath, and ljharb G-Rath G-Rath
ljharb ljharb
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch Low
CVE-2026-24001 was published for diff (npm) Jan 14, 2026
guiyi-he Credited to guiyi-he, ExplodingCabbage, G-Rath, and CraigHammondDexcom ExplodingCabbage ExplodingCabbage
G-Rath G-Rath CraigHammondDexcom CraigHammondDexcom
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th Credited to R4356th and G-Rath G-Rath G-Rath
glob CLI: Command injection via -c/--cmd executes matches with shell:true High
CVE-2025-64756 was published for glob (npm) Nov 17, 2025
Gyde04 Credited to Gyde04, aisle-research, G-Rath, bchew, qwilr-altonius, llwslc, EinfachHans, skremiec, AlanGreene, and isaacs aisle-research aisle-research
G-Rath G-Rath bchew bchew qwilr-altonius qwilr-altonius llwslc llwslc EinfachHans EinfachHans skremiec skremiec AlanGreene AlanGreene isaacs isaacs
min-document vulnerable to prototype pollution Low
CVE-2025-57352 was published for min-document (npm) Sep 24, 2025
G-Rath Credited to G-Rath
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban Credited to jeran-urban and G-Rath G-Rath G-Rath
validator.js has a URL validation bypass vulnerability in its isURL function Moderate
CVE-2025-56200 was published for validator (npm) Sep 30, 2025
G-Rath Credited to G-Rath, Moumouls, and aleyipsoftwire Moumouls Moumouls
aleyipsoftwire aleyipsoftwire
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath Credited to G-Rath and timtheguy-bs timtheguy-bs timtheguy-bs
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov nitaiapiiro nitaiapiiro
DmitriyLewen DmitriyLewen jkmartindale jkmartindale G-Rath G-Rath levpachmanov levpachmanov
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
mitchell-codecov Credited to mitchell-codecov, G-Rath, and levpachmanov G-Rath G-Rath
levpachmanov levpachmanov
Command Injection in lodash High
CVE-2021-23337 was published for lodash (RubyGems) May 6, 2021
mitchell-codecov Credited to mitchell-codecov, nitaiapiiro, ebickle, and G-Rath nitaiapiiro nitaiapiiro
ebickle ebickle G-Rath G-Rath
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (RubyGems) Jul 15, 2020
mitchell-codecov Credited to mitchell-codecov, jkmartindale, bengry, greengeko, tompazourek, and G-Rath jkmartindale jkmartindale
bengry bengry greengeko greengeko tompazourek tompazourek G-Rath G-Rath
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
G-Rath Credited to G-Rath
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (RubyGems) Jul 26, 2018
G-Rath Credited to G-Rath
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (RubyGems) Feb 7, 2019
G-Rath Credited to G-Rath
Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
darrachequesne Credited to darrachequesne, G-Rath, and decsecre583 G-Rath G-Rath
decsecre583 decsecre583
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm Credited to rozeskjm and G-Rath G-Rath G-Rath
Express Open Redirect vulnerability Low
CVE-2024-9266 was published for express (npm) Oct 3, 2024
m3t3kh4n Credited to m3t3kh4n and G-Rath G-Rath G-Rath
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
G-Rath Credited to G-Rath, levpachmanov, dotboris, and iFreilicht levpachmanov levpachmanov
dotboris dotboris iFreilicht iFreilicht
Regular Expression Denial of Service in debug Low
CVE-2017-16137 was published for debug (npm) Aug 9, 2018
G-Rath Credited to G-Rath and SamHutchins-Sage SamHutchins-Sage SamHutchins-Sage
Server-Side Request Forgery in Request Moderate
CVE-2023-28155 was published for @cypress/request (npm) Mar 16, 2023
NikoRaisanen Credited to NikoRaisanen and G-Rath G-Rath G-Rath
xml2js is vulnerable to prototype pollution Moderate
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
nokarin-dev Credited to nokarin-dev, OIRNOIR, simonkrol, Harrington-Joe_pfghub, and G-Rath OIRNOIR OIRNOIR
simonkrol simonkrol Harrington-Joe_pfghub Harrington-Joe_pfghub G-Rath G-Rath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database