GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
59 advisories
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2019-1010266
was published
for
lodash
(RubyGems)
Jul 19, 2019
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2020-28500
was published
for
lodash
(RubyGems)
Jan 6, 2022
ReDoS Vulnerability in ua-parser-js version
High
CVE-2022-25927
was published
for
ua-parser-js
(npm)
Jan 24, 2023
validator.js has a URL validation bypass vulnerability in its isURL function
Moderate
CVE-2025-56200
was published
for
validator
(npm)
Sep 30, 2025
Parcel has an Origin Validation Error vulnerability
Moderate
CVE-2025-56648
was published
for
@parcel/reporter-dev-server
(npm)
Sep 17, 2025
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Moderate
CVE-2024-37891
was published
for
urllib3
(pip)
Jun 17, 2024
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
min-document vulnerable to prototype pollution
Low
CVE-2025-57352
was published
for
min-document
(npm)
Sep 24, 2025
glob CLI: Command injection via -c/--cmd executes matches with shell:true
High
CVE-2025-64756
was published
for
glob
(npm)
Nov 17, 2025
ProTip!
Advisories are also available from the
GraphQL API