Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

75 advisories

Loading
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix Moderate
CVE-2026-45409 was published for idna (pip) May 19, 2026
StanFromIreland Credited to StanFromIreland and kjd kjd kjd
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS) Moderate
CVE-2026-44796 was published for nautobot (pip) May 13, 2026
whatisproblem Credited to whatisproblem
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input High
CVE-2026-33079 was published for mistune (pip) May 6, 2026
kq5y Credited to kq5y
Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check Low
CVE-2026-40319 was published for giskard-checks (pip) Apr 14, 2026
dhabaleshwar Credited to dhabaleshwar
PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() Moderate
CVE-2026-34939 was published for praisonai (pip) Apr 1, 2026
YeranG30 Credited to YeranG30
Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching Low
CVE-2026-4539 was published for Pygments (pip) Mar 22, 2026
nzlaura Credited to nzlaura and dnegreira dnegreira dnegreira
multipart vulnerable to ReDoS in `parse_options_header()` High
CVE-2026-28356 was published for multipart (pip) Mar 12, 2026
sharanxP Credited to sharanxP
pypdf has possible long runtimes for malformed startxref Low
CVE-2026-22691 was published for pypdf (pip) Jan 9, 2026
mkaalto Credited to mkaalto and stefan6419846 stefan6419846 stefan6419846
PyMdown Extensions has a ReDOS bug in its Figure Capture extension Low
CVE-2025-68142 was published for pymdown-extensions (pip) Dec 16, 2025
Hugging Face Transformers library has Regular Expression Denial of Service Moderate
CVE-2025-6051 was published for transformers (pip) Sep 14, 2025
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer Moderate
CVE-2025-6638 was published for transformers (pip) Sep 12, 2025
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54364 was published for knack (pip) Aug 20, 2025 withdrawn
Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module Low
CVE-2025-54363 was published for knack (pip) Aug 20, 2025 withdrawn
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2025-5197 was published for transformers (pip) Aug 6, 2025
copyparty allows Regex Denial of Service (ReDoS) in the upload listing High
CVE-2025-54796 was published for copyparty (pip) Aug 4, 2025
geraldino2 Credited to geraldino2
Calibre Web and Autocaliweb have a ReDoS vulnerability High
CVE-2025-6998 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix Credited to gelbphoenix
FastAPI Guard has a regex bypass High
CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
dhki Credited to dhki and rennf93 rennf93 rennf93
Transformers is vulnerable to ReDoS attack through its DonutProcessor class Moderate
CVE-2025-3933 was published for transformers (pip) Jul 11, 2025
fastapi-guard is vulnerable to ReDoS through inefficient regex Moderate
CVE-2025-53539 was published for fastapi-guard (pip) Jul 7, 2025
Cycloctane Credited to Cycloctane and rennf93 rennf93 rennf93
Transformers vulnerable to ReDoS attack through its get_imports() function Moderate
CVE-2025-3264 was published for transformers (pip) Jul 7, 2025
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking Moderate
CVE-2025-3263 was published for transformers (pip) Jul 7, 2025
Transformers vulnerable to ReDoS attack through its SETTING_RE variable Moderate
CVE-2025-3262 was published for transformers (pip) Jul 7, 2025
vLLM vulnerable to Regular Expression Denial of Service Moderate
GHSA-j828-28rj-hfhp was published for vllm (pip) May 28, 2025
kexinoh Credited to kexinoh, russellb, and mgoin russellb russellb
mgoin mgoin
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` Moderate
CVE-2025-48887 was published for vllm (pip) May 28, 2025
kexinoh Credited to kexinoh, russellb, and mgoin russellb russellb
mgoin mgoin
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
cai0duque Credited to cai0duque
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database