Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix Moderate
CVE-2026-45409 was published for idna (pip) May 19, 2026
StanFromIreland Credited to StanFromIreland and kjd kjd kjd
Svelte: ReDoS in `<svelte:element>` Tag Validation Moderate
CVE-2026-42567 was published for svelte (npm) May 14, 2026
Meltedd Credited to Meltedd, dummdidumm, and elliott-with-the-longest-name-on-github dummdidumm dummdidumm
elliott-with-the-longest-name-on-github elliott-with-the-longest-name-on-github
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS) Moderate
CVE-2026-44796 was published for nautobot (pip) May 13, 2026
whatisproblem Credited to whatisproblem
ShellHub has crash-DoS via field injection in filter and sort-by parameters Moderate
CVE-2026-44425 was published for github.com/shellhub-io/shellhub (Go) May 6, 2026
Edu0x01 Credited to Edu0x01
fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification Moderate
CVE-2026-35041 was published for fast-jwt (npm) Apr 9, 2026
fasrm Credited to fasrm and SociableSteve SociableSteve SociableSteve
skilleton has improper input handling in repository/path processing Moderate
GHSA-5g3j-89fr-r2vp was published for skilleton (npm) Apr 8, 2026
PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() Moderate
CVE-2026-34939 was published for praisonai (pip) Apr 1, 2026
YeranG30 Credited to YeranG30
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards Moderate
CVE-2026-4923 was published for path-to-regexp (npm) Mar 27, 2026
blakeembrey Credited to blakeembrey and UlisesGascon UlisesGascon UlisesGascon
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited Moderate
CVE-2026-33169 was published for activesupport (RubyGems) Mar 23, 2026
ch4n3-yoon Credited to ch4n3-yoon
OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction Moderate
CVE-2026-22178 was published for openclaw (npm) Mar 2, 2026
Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in... Moderate Unreviewed
CVE-2026-26936 was published Feb 26, 2026
markdown-it is has a Regular Expression Denial of Service (ReDoS) Moderate
CVE-2026-2327 was published for markdown-it (npm) Feb 12, 2026
ajv has ReDoS when using `$data` option Moderate
CVE-2025-69873 was published for ajv (npm) Feb 11, 2026
epoberezkin Credited to epoberezkin, G-Rath, and wayne530 G-Rath G-Rath
wayne530 wayne530
tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2026-22809 was published for tarteaucitronjs (npm) Jan 13, 2026
Yasha-ops Credited to Yasha-ops
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki -... Moderate Unreviewed
CVE-2026-0668 was published Jan 7, 2026
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability... Moderate Unreviewed
CVE-2025-5342 was published Oct 30, 2025
Hugging Face Transformers library has Regular Expression Denial of Service Moderate
CVE-2025-6051 was published for transformers (pip) Sep 14, 2025
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer Moderate
CVE-2025-6638 was published for transformers (pip) Sep 12, 2025
Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet Moderate
CVE-2025-43764 was published for com.liferay:com.liferay.portal.workflow.kaleo.designer.web (Maven) Aug 23, 2025
A regular expression used by AngularJS'  linky https://docs.angularjs.org/api/ngSanitize/filter... Moderate Unreviewed
CVE-2025-4690 was published Aug 19, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1... Moderate Unreviewed
CVE-2025-2937 was published Aug 13, 2025
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2025-5197 was published for transformers (pip) Aug 6, 2025
Transformers is vulnerable to ReDoS attack through its DonutProcessor class Moderate
CVE-2025-3933 was published for transformers (pip) Jul 11, 2025
fastapi-guard is vulnerable to ReDoS through inefficient regex Moderate
CVE-2025-53539 was published for fastapi-guard (pip) Jul 7, 2025
Cycloctane Credited to Cycloctane and rennf93 rennf93 rennf93
Transformers vulnerable to ReDoS attack through its get_imports() function Moderate
CVE-2025-3264 was published for transformers (pip) Jul 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database