GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
3,793 advisories
Filter by severity
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
angular vulnerable to regular expression denial of service via the angular.copy() utility
Moderate
CVE-2023-26116
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element
Moderate
CVE-2023-26118
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service
Moderate
CVE-2023-26117
was published
for
angular
(npm)
Mar 30, 2023
DOMPurify allows Cross-site Scripting (XSS)
Moderate
CVE-2025-26791
was published
for
dompurify
(npm)
Feb 14, 2025
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High
CVE-2023-46234
was published
for
browserify-sign
(npm)
Oct 26, 2023
Cross-site Scripting in Serenity
Moderate
CVE-2024-26318
was published
for
@serenity-is/corelib
(npm)
Feb 19, 2024
MongoDB Driver may publish events containing authentication-related data
Moderate
CVE-2021-32050
was published
for
github.com/mongodb/mongo-swift-driver
(Composer)
Aug 29, 2023
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
llhttp vulnerable to HTTP request smuggling
High
CVE-2023-30589
was published
for
llhttp
(npm)
Jul 1, 2023
word-wrap vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-26115
was published
for
word-wrap
(npm)
Jun 22, 2023
engine.io Uncaught Exception vulnerability
Moderate
CVE-2023-31125
was published
for
engine.io
(npm)
May 3, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
High
CVE-2023-0835
was published
for
markdown-pdf
(npm)
Apr 5, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
cookiejar Regular Expression Denial of Service via Cookie.parse function
Moderate
CVE-2022-25901
was published
for
cookiejar
(Maven)
Jan 18, 2023
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
Broken Authentication in Atlassian Connect Express
High
CVE-2021-26073
was published
for
atlassian-connect-express
(npm)
May 24, 2022
parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
High
CVE-2025-25283
was published
for
parse-duration
(npm)
Feb 12, 2025
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Critical
GHSA-vjh7-7g9h-fjfh
was published
for
elliptic
(npm)
Feb 12, 2025
Inefficient Regular Expression Complexity in koa
Critical
CVE-2025-25200
was published
for
koa
(npm)
Feb 12, 2025
ProTip!
Advisories are also available from the
GraphQL API