GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
234 advisories
Filter by severity
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15...
High
Unreviewed
CVE-2023-2199
was published
Jun 7, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
High
Unreviewed
CVE-2023-2132
was published
Jun 6, 2023
RedCloth Regular Expression Denial of Service issue
High
CVE-2023-31606
was published
for
RedCloth
(RubyGems)
Jun 6, 2023
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
High
CVE-2023-34104
was published
for
fast-xml-parser
(npm)
Jun 6, 2023
Liferay Portal has Inefficient Regular Expression
Moderate
CVE-2023-33950
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
git-url-parse Regular Expression Denial of Service
High
CVE-2023-32758
was published
for
git-url-parse
(pip)
May 15, 2023
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2...
Moderate
Unreviewed
CVE-2023-1894
was published
May 5, 2023
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-30608
was published
for
sqlparse
(pip)
Apr 21, 2023
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression...
Moderate
Unreviewed
CVE-2023-27704
was published
Apr 12, 2023
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Moderate
CVE-2023-26103
was published
for
deno
(Rust)
Apr 3, 2023
configobj ReDoS exploitable by developer using values in a server-side configuration file
Low
CVE-2023-26112
was published
for
configobj
(pip)
Apr 3, 2023
angular vulnerable to regular expression denial of service via the $resource service
Moderate
CVE-2023-26117
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the angular.copy() utility
Moderate
CVE-2023-26116
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element
Moderate
CVE-2023-26118
was published
for
angular
(npm)
Mar 30, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
High
GHSA-xr9w-x6gw-c9mj
was published
for
deno
(Rust)
Feb 25, 2023
•
withdrawn
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of...
High
Unreviewed
CVE-2021-32848
was published
Feb 20, 2023
Regular Expression Denial of Service in Headers
High
CVE-2023-24807
was published
for
undici
(npm)
Feb 16, 2023
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic....
High
Unreviewed
CVE-2020-36661
was published
Feb 12, 2023
Regular Expression Denial of Service in simple-markdown
High
CVE-2019-25102
was published
for
simple-markdown
(npm)
Feb 12, 2023
Regular Expression Denial of Service in simple-markdown
High
CVE-2019-25103
was published
for
simple-markdown
(npm)
Feb 12, 2023
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
High
GHSA-8x6c-cv3v-vp6g
was published
for
cacheable-request
(npm)
Feb 11, 2023
•
withdrawn
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Moderate
CVE-2023-25166
was published
for
@sideway/formula
(npm)
Feb 8, 2023
is-url Inefficient Regular Expression Complexity vulnerability
High
CVE-2018-25079
was published
for
is-url
(npm)
Feb 4, 2023
ProTip!
Advisories are also available from the
GraphQL API