
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

392 advisories

skilleton has improper input handling in repository/path processing Moderate
GHSA-5g3j-89fr-r2vp was published for skilleton (npm) Apr 8, 2026
Addressable has a Regular Expression Denial of Service in Addressable templates High
CVE-2026-35611 was published for addressable (RubyGems) Apr 8, 2026
Credited to jamfish and sporkmonger
Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature High
CVE-2026-35458 was published for github.com/gotenberg/gotenberg/v8 (Go) Apr 7, 2026
Credited to beryxz and drw0if
@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing High
CVE-2026-35213 was published for @hapi/content (npm) Apr 4, 2026
PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() Moderate
CVE-2026-34939 was published for praisonai (pip) Apr 1, 2026
Credited to YeranG30
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards Moderate
CVE-2026-4923 was published for path-to-regexp (npm) Mar 27, 2026
Credited to blakeembrey and UlisesGascon
path-to-regexp vulnerable to Denial of Service via sequential optional groups High
CVE-2026-4926 was published for path-to-regexp (npm) Mar 27, 2026
Credited to uug4na, blakeembrey, and UlisesGascon
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters High
CVE-2026-4867 was published for path-to-regexp (npm) Mar 27, 2026
Credited to EthanKim88, blakeembrey, and UlisesGascon
Picomatch has a ReDoS vulnerability via extglob quantifiers High
CVE-2026-33671 was published for picomatch (npm) Mar 25, 2026
Credited to ByamB4, danez, and doowb
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited Moderate
CVE-2026-33169 was published for activesupport (RubyGems) Mar 23, 2026
Credited to nzlaura and dnegreira
multipart vulnerable to ReDoS in `parse_options_header()` High
CVE-2026-28356 was published for multipart (pip) Mar 12, 2026
Credited to sharanxP
Elysia has a string URL format ReDoS High
CVE-2026-30837 was published for elysia (npm) Mar 10, 2026
Credited to EdamAme-x
Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery High
CVE-2026-30925 was published for parse-server (npm) Mar 10, 2026
Credited to TinkAnet and mtrezza
OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction Moderate
CVE-2026-22178 was published for openclaw (npm) Mar 2, 2026
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions High
CVE-2026-27904 was published for minimatch (npm) Feb 26, 2026
Credited to dolevmiz1
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern High
CVE-2026-26996 was published for minimatch (npm) Feb 18, 2026
Credited to AkshayJainG, ljharb, G-Rath, thomas-schlein, isaacs, and SamanthaPersico
markdown-it has a Regular Expression Denial of Service (ReDoS) Moderate
CVE-2026-2327 was published for markdown-it (npm) Feb 12, 2026
ajv has ReDoS when using `$data` option Moderate
CVE-2025-69873 was published for ajv (npm) Feb 11, 2026
Credited to epoberezkin, G-Rath, and wayne530
Apollo Server vulnerable to Denial of Service with `startStandaloneServer` High
CVE-2026-23897 was published for @apollo/server (npm) Feb 4, 2026
Credited to ChALkeR