GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
24 advisories
Filter by severity
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of...
High
Unreviewed
CVE-2024-21538
was published
Nov 8, 2024
HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available...
High
Unreviewed
CVE-2020-26307
was published
Oct 26, 2024
Validate.js provides a declarative way of validating javascript objects. All versions as of 30...
High
Unreviewed
CVE-2020-26310
was published
Oct 26, 2024
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email....
High
Unreviewed
CVE-2024-48938
was published
Oct 11, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7...
High
Unreviewed
CVE-2024-8124
was published
Sep 12, 2024
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed...
High
Unreviewed
CVE-2024-6232
was published
Sep 3, 2024
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard...
High
Unreviewed
CVE-2024-7592
was published
Aug 19, 2024
kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to...
High
Unreviewed
CVE-2024-5552
was published
Jun 6, 2024
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via...
High
Unreviewed
CVE-2024-28716
was published
Apr 30, 2024
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 ...
High
Unreviewed
CVE-2024-4056
was published
Apr 26, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16...
High
Unreviewed
CVE-2024-2829
was published
Apr 25, 2024
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3...
High
Unreviewed
CVE-2023-40599
was published
Aug 25, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0...
High
Unreviewed
CVE-2023-3994
was published
Aug 2, 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8,...
High
Unreviewed
CVE-2023-0632
was published
Aug 2, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16...
High
Unreviewed
CVE-2023-3364
was published
Aug 2, 2023
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue...
High
Unreviewed
CVE-2023-39174
was published
Jul 25, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15...
High
Unreviewed
CVE-2023-3424
was published
Jul 13, 2023
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial...
High
Unreviewed
CVE-2023-32610
was published
Jun 29, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15...
High
Unreviewed
CVE-2023-2198
was published
Jun 7, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15...
High
Unreviewed
CVE-2023-2199
was published
Jun 7, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
High
Unreviewed
CVE-2023-2132
was published
Jun 6, 2023
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of...
High
Unreviewed
CVE-2021-32848
was published
Feb 20, 2023
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic....
High
Unreviewed
CVE-2020-36661
was published
Feb 12, 2023
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS)...
High
Unreviewed
CVE-2022-29158
was published
Sep 3, 2022
ProTip!
Advisories are also available from the
GraphQL API