Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,793 advisories

Loading
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25289 was published for @octokit/request-error (npm) Feb 14, 2025
ShiyuBanzhou
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-25288 was published for @octokit/plugin-paginate-rest (npm) Feb 14, 2025
ShiyuBanzhou
Vega allows Cross-site Scripting via the vlSelectionTuples function Moderate
CVE-2025-25304 was published for vega (npm) Feb 14, 2025
FallingPineapples domoritz
angular vulnerable to regular expression denial of service via the angular.copy() utility Moderate
CVE-2023-26116 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element Moderate
CVE-2023-26118 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service Moderate
CVE-2023-26117 was published for angular (npm) Mar 30, 2023
DOMPurify allows Cross-site Scripting (XSS) Moderate
CVE-2025-26791 was published for dompurify (npm) Feb 14, 2025
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack High
CVE-2023-46234 was published for browserify-sign (npm) Oct 26, 2023
roadicing ljharb
katzj
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
llhttp vulnerable to HTTP request smuggling High
CVE-2023-30589 was published for llhttp (npm) Jul 1, 2023
word-wrap vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-26115 was published for word-wrap (npm) Jun 22, 2023
engine.io Uncaught Exception vulnerability Moderate
CVE-2023-31125 was published for engine.io (npm) May 3, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS) High
CVE-2023-0835 was published for markdown-pdf (npm) Apr 5, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
cookiejar Regular Expression Denial of Service via Cookie.parse function Moderate
CVE-2022-25901 was published for cookiejar (Maven) Jan 18, 2023
sno2
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
Broken Authentication in Atlassian Connect Express High
CVE-2021-26073 was published for atlassian-connect-express (npm) May 24, 2022
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory High
CVE-2025-25283 was published for parse-duration (npm) Feb 12, 2025
lirantal
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) Critical
GHSA-vjh7-7g9h-fjfh was published for elliptic (npm) Feb 12, 2025
ChALkeR
Inefficient Regular Expression Complexity in koa Critical
CVE-2025-25200 was published for koa (npm) Feb 12, 2025
R4356th
ProTip! Advisories are also available from the GraphQL API