Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

356 advisories

Loading
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a... Moderate Unreviewed
CVE-2025-43880 was published Jun 25, 2025
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions... Moderate Unreviewed
CVE-2024-4025 was published Jun 20, 2025
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion Low
CVE-2025-48059 was published for com.powsybl:powsybl-contingency-api (Maven) Jun 19, 2025
arthurscchan AdamKorcz
rolnico olperr1
Credited to arthurscchan, AdamKorcz, rolnico, and olperr1
PowSyBl Core contains Polynomial REDoS’es Moderate
CVE-2025-48058 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
arthurscchan AdamKorcz
rolnico olperr1
Credited to arthurscchan, AdamKorcz, rolnico, and olperr1
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain... Moderate Unreviewed
CVE-2025-6069 was published Jun 17, 2025
taro-css-to-react-native Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
pm2 Regular Expression Denial of Service vulnerability Low
CVE-2025-5891 was published for pm2 (npm) Jun 9, 2025
mhassan1
Credited to mhassan1
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1.... Moderate Unreviewed
CVE-2025-5892 was published Jun 9, 2025
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects... Moderate Unreviewed
CVE-2025-5895 was published Jun 9, 2025
vLLM vulnerable to Regular Expression Denial of Service Moderate
GHSA-j828-28rj-hfhp was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
Credited to kexinoh, russellb, and mgoin
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` Moderate
CVE-2025-48887 was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
Credited to kexinoh, russellb, and mgoin
Marked allows Regular Expression Denial of Service (ReDoS) attacks Moderate
CVE-2018-25110 was published for marked (npm) May 23, 2025
Hugging Face Transformers Regular Expression Denial of Service Moderate
CVE-2025-2099 was published for transformers (pip) May 19, 2025
cai0duque
Credited to cai0duque
A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as... Low Unreviewed
CVE-2025-4215 was published May 2, 2025
phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service Moderate
CVE-2025-46560 was published for vllm (pip) Apr 29, 2025
kexinoh d3do-23
lonelyuan russellb DarkLight1337 Isotr0py
Credited to kexinoh, d3do-23, lonelyuan, russellb, DarkLight1337, and Isotr0py
Transformers Regular Expression Denial of Service (ReDoS) vulnerability Moderate
CVE-2025-1194 was published for transformers (pip) Apr 29, 2025
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker... High Unreviewed
CVE-2024-13926 was published Apr 19, 2025
The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin... Moderate Unreviewed
CVE-2024-13896 was published Apr 10, 2025
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking Moderate
CVE-2025-26042 was published for uptime-kuma (npm) Mar 31, 2025
ShiyuBanzhou
Credited to ShiyuBanzhou
Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport... High Unreviewed
CVE-2023-0881 was published Mar 31, 2025
@mozilla/readability Denial of Service through Regex Low
CVE-2025-2792 was published for @mozilla/readability (npm) Mar 26, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version... High Unreviewed
CVE-2024-8998 was published Mar 20, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary... High Unreviewed
CVE-2024-8763 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database