GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
235 advisories
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Low | CVE-2024-26146 was published for rack (RubyGems) | Feb 28, 2024

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Moderate | CVE-2024-25126 was published for rack (RubyGems) | Feb 28, 2024

Regular expression denial-of-service in Django
Moderate | CVE-2024-27351 was published for django (pip) | Mar 15, 2024

Denial of service via regular expression
High | CVE-2024-28865 was published for wiki (pip) | Mar 18, 2024

[TagAwareCipher] - Decryption Failure (Regex Match)
Low | CVE-2024-28864 was published for ilicmiljan/secure-props (Composer) | Mar 18, 2024

Black vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate | CVE-2024-21503 was published for black (pip) | Mar 19, 2024

domain-suffix RegEx Denial of Service
High | CVE-2024-25354 was published for domain-suffix (npm) | Mar 28, 2024

SheetJS Regular Expression Denial of Service (ReDoS)
High | CVE-2024-22363 was published for xlsx (npm) | Apr 5, 2024

Pydantic regular expression denial of service
Moderate | CVE-2024-3772 was published for pydantic (pip) | Apr 15, 2024

TCPDF vulnerable to Regular Expression Denial of Service
Moderate | CVE-2024-22640 was published for tecnickcom/tcpdf (Composer) | Apr 19, 2024

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 ...
High | Unreviewed | CVE-2024-4056 was published | Apr 26, 2024

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via...
High | Unreviewed | CVE-2024-28716 was published | Apr 30, 2024

Regular Expression Denial of Service (ReDoS) in micromatch
Moderate | CVE-2024-4067 was published for micromatch (npm) | May 14, 2024

Symfony vulnerable to denial of service via a malicious HTTP Host header
High | CVE-2014-5244 was published for symfony/http-foundation (Composer) | May 30, 2024

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to...
High | Unreviewed | CVE-2024-5552 was published | Jun 6, 2024

ua-parser/uap-php ReDoS vulnerability
Moderate | GHSA-78hm-5hjw-58mh was published for ua-parser/uap-php (Composer) | Jun 7, 2024

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to...
Moderate | Unreviewed | CVE-2024-1495 was published | Jun 13, 2024

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16...
Moderate | Unreviewed | CVE-2024-1963 was published | Jun 13, 2024

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting...
Moderate | Unreviewed | CVE-2024-1736 was published | Jun 13, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5...
Moderate | Unreviewed | CVE-2024-1493 was published | Jun 27, 2024

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Moderate | CVE-2024-39316 was published for rack (RubyGems) | Jul 3, 2024

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial...
Low | Unreviewed | CVE-2024-6434 was published | Jul 4, 2024

Wagtail regular expression denial-of-service via search query parsing
Moderate | CVE-2024-39317 was published for wagtail (pip) | Jul 11, 2024

(ReDoS) Regular Expression Denial of Service in tf2-item-format
High | CVE-2024-41655 was published for tf2-item-format (npm) | Jul 23, 2024

fast-xml-parser vulnerable to ReDOS at currency parsing
High | CVE-2024-41818 was published for fast-xml-parser (npm) | Jul 29, 2024