Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

234 advisories

Loading
ReDoS in LDAP schema parser Moderate
GHSA-r8wq-qrxc-hmcm was published for python-ldap (pip) Nov 29, 2021
Regular Expression Denial of Service in millisecond Moderate
GHSA-m489-xr35-fjxr was published for millisecond (npm) Sep 22, 2021
Inefficient Regular Expression Complexity in Validator.js Moderate
GHSA-xx4c-jj58-r7x6 was published for validator (npm) Nov 19, 2021
yetingli G-Rath
mel-spintax has Inefficient Regular Expression Complexity Moderate
CVE-2018-25077 was published for mel-spintax (npm) Jan 18, 2023
cookiejar Regular Expression Denial of Service via Cookie.parse function Moderate
CVE-2022-25901 was published for cookiejar (Maven) Jan 18, 2023
sno2
Regular Expression Denial of Service in Leo Editor High
CVE-2020-23478 was published for leo (pip) Sep 23, 2021
Regular expression denial of service in url_regex Moderate
CVE-2022-21195 was published for url_regex (pip) May 21, 2022
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS) High
CVE-2022-40898 was published for wheel (pip) Dec 23, 2022
robots-txt-guard Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4305 was published for robots-txt-guard (npm) Jan 5, 2023
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method High
CVE-2022-31147 was published for jquery-validation (npm) Jul 5, 2022
erik-krogh bytestream
mthreer
PapaParse Inefficient Regular Expression Complexity vulnerability High
CVE-2020-36649 was published for papaparse (npm) Jan 11, 2023
Regular expression denial of service in markdown-link-extractor Low
CVE-2021-43308 was published for markdown-link-extractor (npm) Jun 3, 2022
Regular expression denial of service in eth-account Moderate
CVE-2022-1930 was published for eth-account (pip) Aug 23, 2022
terminal-kit Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4306 was published for terminal-kit (npm) Jan 7, 2023
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service High
CVE-2021-35065 was published for glob-parent (npm) Jul 18, 2022
cowsrule wejendorp
wwuck paulmillr BGehrels
inflect vulnerable to Inefficient Regular Expression Complexity High
CVE-2021-3820 was published for i (npm) Sep 29, 2021
Spring Framework Inefficient Regular Expression Complexity Moderate
CVE-2009-1190 was published for org.springframework:spring-core (Maven) May 2, 2022
Polynomial regular expression used on uncontrolled data in nitrado.js High
CVE-2022-36034 was published for nitrado.js (npm) Aug 31, 2022
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
Inefficient Regular Expression Complexity in vuelidate High
CVE-2021-3794 was published for @vuelidate/validators (npm) Sep 20, 2021
madcatone
Inefficient Regular Expression Complexity in code-server High
CVE-2021-3810 was published for code-server (npm) Sep 20, 2021
Prototype pollution vulnerability in 'predefine' Critical
CVE-2020-28280 was published for predefine (npm) Oct 12, 2021
TuurDutoit
email-existence Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25049 was published for email-existence (npm) Dec 27, 2022
markdown-it vulnerable to Inefficient Regular Expression Complexity High
CVE-2015-10005 was published for markdown-it (npm) Dec 27, 2022
string-kit Inefficient Regular Expression Complexity vulnerability High
CVE-2021-4299 was published for string-kit (npm) Jan 2, 2023
ProTip! Advisories are also available from the GraphQL API