Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

234 advisories

Loading
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
petruki tdunlap607
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath
Denial of Service Vulnerability in Rack Content-Disposition parsing Low
CVE-2022-44571 was published for rack (RubyGems) Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 postmodern
ReDoS based DoS vulnerability in Active Support's underscore Low
CVE-2023-22796 was published for activesupport (RubyGems) Jan 18, 2023
robertoz-01 postmodern
G-Rath
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22795 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 esparta
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
Denial of service via multipart parsing in Rack Low
CVE-2022-44572 was published for rack (RubyGems) Jan 18, 2023
ReDoS based DoS vulnerability in GlobalID Low
CVE-2023-22799 was published for globalid (RubyGems) Jan 18, 2023
tdunlap607
cookiejar Regular Expression Denial of Service via Cookie.parse function Moderate
CVE-2022-25901 was published for cookiejar (Maven) Jan 18, 2023
sno2
mel-spintax has Inefficient Regular Expression Complexity Moderate
CVE-2018-25077 was published for mel-spintax (npm) Jan 18, 2023
mechanize Regular Expression Denial of Service vulnerability High
CVE-2021-32837 was published for mechanize (pip) Jan 18, 2023
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5... Moderate Unreviewed
CVE-2022-3514 was published Jan 12, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15... Moderate Unreviewed
CVE-2022-4131 was published Jan 12, 2023
skeemas Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25074 was published for skeemas (npm) Jan 11, 2023
PapaParse Inefficient Regular Expression Complexity vulnerability High
CVE-2020-36649 was published for papaparse (npm) Jan 11, 2023
Luxon Inefficient Regular Expression Complexity vulnerability High
CVE-2023-22467 was published for luxon (npm) Jan 9, 2023
skrtheboss remi-san
makkes canderson-activatecare rpastro cmp831
debug Inefficient Regular Expression Complexity vulnerability High
CVE-2017-20165 was published for debug (npm) Jan 9, 2023
HvB
terminal-kit Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4306 was published for terminal-kit (npm) Jan 7, 2023
robots-txt-guard Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4305 was published for robots-txt-guard (npm) Jan 5, 2023
Vercel ms Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2017-20162 was published for ms (npm) Jan 5, 2023
MooTools Regular Expression Denial of Service High
CVE-2021-32821 was published for mootools (npm) Jan 3, 2023
anonymous4ACL24
string-kit Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4299 was published for string-kit (npm) Jan 2, 2023
ProTip! Advisories are also available from the GraphQL API