GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
                  
                    
                      
                      All reviewed
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      Composer
                    
                    
                      4,950
                    
                  
                  
                    
                      
                      Erlang
                    
                    
                      39
                    
                  
                  
                    
                      
                      GitHub Actions
                    
                    
                      38
                    
                  
                  
                    
                      
                      Go
                    
                    
                      2,603
                    
                  
                  
                    
                      
                      Maven
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      npm
                    
                    
                      4,250
                    
                  
                  
                    
                      
                      NuGet
                    
                    
                      755
                    
                  
                  
                    
                      
                      pip
                    
                    
                      4,013
                    
                  
                  
                    
                      
                      Pub
                    
                    
                      12
                    
                  
                  
                    
                      
                      RubyGems
                    
                    
                      953
                    
                  
                  
                    
                      
                      Rust
                    
                    
                      1,048
                    
                  
                  
                    
                      
                      Swift
                    
                    
                      45
                    
                  
                  Unreviewed advisories
                  
                    
                      
                      All unreviewed
                    
                    
                      5,000+
                    
                  
            353 advisories
        Filter by severity
        
      
      
    
                    
                      Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
                    
                      
  Low
                    
                
                      
                        CVE-2025-61581
                      
                      was published
                        for
                        
                          github.com/apache/trafficcontrol/v8
                        
                        (Go)
                      Oct 16, 2025 
                    
                  
                    
                      Sinatra is vulnerable to ReDoS through ETag header value generation
                    
                      
  Low
                    
                
                      
                        CVE-2025-61921
                      
                      was published
                        for
                        
                          sinatra
                        
                        (RubyGems)
                      Oct 10, 2025 
                    
                  
                    
                      Hugging Face Transformers library has Regular Expression Denial of Service
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-6051
                      
                      was published
                        for
                        
                          transformers
                        
                        (pip)
                      Sep 14, 2025 
                    
                  
                    
                      Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-6638
                      
                      was published
                        for
                        
                          transformers
                        
                        (pip)
                      Sep 12, 2025 
                    
                  
                    
                      Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity
                    
                      
  High
                    
                
                      
                        CVE-2025-58451
                      
                      was published
                        for
                        
                          cattown
                        
                        (npm)
                      Sep 9, 2025 
                    
                  
                    
                      Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-43764
                      
                      was published
                        for
                        
                          com.liferay:com.liferay.portal.workflow.kaleo.designer.web
                        
                        (Maven)
                      Aug 23, 2025 
                    
                  
                    
                      Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
                    
                      
  Low
                    
                
                      
                        CVE-2025-54364
                      
                      was published
                        for
                        
                          knack
                        
                        (pip)
                      Aug 20, 2025 
                        •
                        
                          withdrawn
                    
                  
                    
                      Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module
                    
                      
  Low
                    
                
                      
                        CVE-2025-54363
                      
                      was published
                        for
                        
                          knack
                        
                        (pip)
                      Aug 20, 2025 
                        •
                        
                          withdrawn
                    
                  
                    
                      A regular expression used by AngularJS'  linky https://docs.angularjs.org/api/ngSanitize/filter...
                    
                      
  Moderate
                      
                        Unreviewed
                    
                
                      
                        CVE-2025-4690
                      
                      was published
                      Aug 19, 2025 
                    
                  
                    
                      IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of...
                    
                      
  High
                      
                        Unreviewed
                    
                
                      
                        CVE-2025-33090
                      
                      was published
                      Aug 18, 2025 
                    
                  
                    
                      An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1...
                    
                      
  Moderate
                      
                        Unreviewed
                    
                
                      
                        CVE-2025-2937
                      
                      was published
                      Aug 13, 2025 
                    
                  
                    
                      Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-5197
                      
                      was published
                        for
                        
                          transformers
                        
                        (pip)
                      Aug 6, 2025 
                    
                  
                    
                      copyparty allows Regex Denial of Service (ReDoS) in the upload listing
                    
                      
  High
                    
                
                      
                        CVE-2025-54796
                      
                      was published
                        for
                        
                          copyparty
                        
                        (pip)
                      Aug 4, 2025 
                    
                  
                    
                      Calibre Web and Autocaliweb have a ReDoS vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2025-6998
                      
                      was published
                        for
                        
                          calibreweb
                        
                        (pip)
                      Jul 24, 2025 
                    
                  
                    
                      FastAPI Guard has a regex bypass
                    
                      
  High
                    
                
                      
                        CVE-2025-54365
                      
                      was published
                        for
                        
                          fastapi-guard
                        
                        (pip)
                      Jul 23, 2025 
                    
                  
                    
                      @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
                    
                      
  Low
                    
                
                      
                        GHSA-xffm-g5w8-qvg7
                      
                      was published
                        for
                        
                          @eslint/plugin-kit
                        
                        (npm)
                      Jul 18, 2025 
                    
                  
                    
                      Transformers is vulnerable to ReDoS attack through its DonutProcessor class
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-3933
                      
                      was published
                        for
                        
                          transformers
                        
                        (pip)
                      Jul 11, 2025 
                    
                  
                    
                      fastapi-guard is vulnerable to ReDoS through inefficient regex
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-53539
                      
                      was published
                        for
                        
                          fastapi-guard
                        
                        (pip)
                      Jul 7, 2025 
                    
                  
                    
                      Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-3263
                      
                      was published
                        for
                        
                          transformers
                        
                        (pip)
                      Jul 7, 2025 
                    
                  
                    
                      Transformers vulnerable to ReDoS attack through its get_imports() function
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-3264
                      
                      was published
                        for
                        
                          transformers
                        
                        (pip)
                      Jul 7, 2025 
                    
                  
                    
                      Transformers vulnerable to ReDoS attack through its SETTING_RE variable
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-3262
                      
                      was published
                        for
                        
                          transformers
                        
                        (pip)
                      Jul 7, 2025 
                    
                  
                    
                      A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This...
                    
                      
  Moderate
                      
                        Unreviewed
                    
                
                      
                        CVE-2025-7074
                      
                      was published
                      Jul 5, 2025 
                    
                  
                    
                      string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) 
                    
                      
  Low
                    
                
                      
                        CVE-2025-45143
                      
                      was published
                        for
                        
                          string-math
                        
                        (npm)
                      Jun 30, 2025 
                    
                  
                    
                      Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a...
                    
                      
  Moderate
                      
                        Unreviewed
                    
                
                      
                        CVE-2025-43880
                      
                      was published
                      Jun 25, 2025 
                    
                  
                    
                      A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions...
                    
                      
  Moderate
                      
                        Unreviewed
                    
                
                      
                        CVE-2024-4025
                      
                      was published
                      Jun 20, 2025 
                    
                  
        
        ProTip!
        Advisories are also available from the 
        GraphQL API