GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
xhtml2pdf Denial of Service via crafted string
Moderate
CVE-2024-25885
was published
for
xhtml2pdf
(pip)
Oct 8, 2024
Inefficient Regular Expression Complexity in langflow
Moderate
CVE-2024-9277
was published
for
langflow
(pip)
Sep 27, 2024
Spring Framework DoS via conditional HTTP request
Moderate
CVE-2024-38809
was published
for
org.springframework:spring-web
(Maven)
Sep 24, 2024
Django vulnerable to denial-of-service attack
Moderate
CVE-2024-41991
was published
for
Django
(pip)
Aug 7, 2024
Wagtail regular expression denial-of-service via search query parsing
Moderate
CVE-2024-39317
was published
for
wagtail
(pip)
Jul 11, 2024
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Moderate
CVE-2024-39316
was published
for
rack
(RubyGems)
Jul 3, 2024
ua-parser/uap-php ReDoS vulnerability
Moderate
GHSA-78hm-5hjw-58mh
was published
for
ua-parser/uap-php
(Composer)
Jun 7, 2024
Regular Expression Denial of Service (ReDoS) in micromatch
Moderate
CVE-2024-4067
was published
for
micromatch
(npm)
May 14, 2024
TCPDF vulnerable to Regular Expression Denial of Service
Moderate
CVE-2024-22640
was published
for
tecnickcom/tcpdf
(Composer)
Apr 19, 2024
Pydantic regular expression denial of service
Moderate
CVE-2024-3772
was published
for
pydantic
(pip)
Apr 15, 2024
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2024-21503
was published
for
black
(pip)
Mar 19, 2024
Regular expression denial-of-service in Django
Moderate
CVE-2024-27351
was published
for
django
(pip)
Mar 15, 2024
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Moderate
CVE-2024-25126
was published
for
rack
(RubyGems)
Feb 28, 2024
nodemailer ReDoS when trying to send a specially crafted email
Moderate
GHSA-9h6g-pr28-7cqp
was published
for
nodemailer
(npm)
Jan 31, 2024
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate
CVE-2023-48631
was published
for
@adobe/css-tools
(npm)
Nov 30, 2023
TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link
Moderate
CVE-2023-45813
was published
for
torbot
(pip)
Oct 19, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Moderate
CVE-2023-26364
was published
for
@adobe/css-tools
(npm)
Aug 29, 2023
Apache Airflow Improper Input Validation vulnerability
Moderate
CVE-2023-36543
was published
for
apache-airflow
(pip)
Jul 12, 2023
URI gem has ReDoS vulnerability
Moderate
CVE-2023-36617
was published
for
uri
(RubyGems)
Jun 29, 2023
word-wrap vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-26115
was published
for
word-wrap
(npm)
Jun 22, 2023
Liferay Portal has Inefficient Regular Expression
Moderate
CVE-2023-33950
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-30608
was published
for
sqlparse
(pip)
Apr 21, 2023
ProTip!
Advisories are also available from the
GraphQL API