GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
angular vulnerable to super-linear runtime due to backtracking
High
CVE-2024-21490
was published
for
angular
(Maven)
Feb 10, 2024
Liferay Portal has Inefficient Regular Expression
Moderate
CVE-2023-33950
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
cookiejar Regular Expression Denial of Service via Cookie.parse function
Moderate
CVE-2022-25901
was published
for
cookiejar
(Maven)
Jan 18, 2023
Inefficient Regular Expression Complexity in Liferay Portal
High
CVE-2022-42124
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking
High
CVE-2022-31781
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Jul 14, 2022
Regular expression denial of service in Delight Nashorn Sandbox
High
CVE-2021-40660
was published
for
org.javadelight:delight-nashorn-sandbox
(Maven)
Jun 15, 2022
Regular expression denial of service in apache tika
Moderate
CVE-2022-30973
was published
for
org.apache.tika:tika-core
(Maven)
Jun 1, 2022
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
Moderate
CVE-2019-16555
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
May 24, 2022
Regular expression denial of service in Apache ShenYu
High
CVE-2022-26650
was published
for
org.apache.shenyu:shenyu
(Maven)
May 18, 2022
Regular expression denial of service in apache tika
Moderate
CVE-2022-30126
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
Spring Framework Inefficient Regular Expression Complexity
Moderate
CVE-2009-1190
was published
for
org.springframework:spring-core
(Maven)
May 2, 2022
Uncontrolled Resource Consumption in Apache DolphinScheduler
High
CVE-2022-25598
was published
for
apache-dolphinscheduler
(Maven)
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API