GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9,315 advisories
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Moderate
CVE-2025-25296
was published
for
label-studio
(pip)
Feb 14, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
Possible Log Injection in Rack::CommonLogger
Moderate
CVE-2025-25184
was published
for
rack
(RubyGems)
Feb 12, 2025
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Moderate
CVE-2025-25204
was published
for
github.com/cli/cli/v2
(Go)
Feb 14, 2025
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Moderate
CVE-2025-1057
was published
for
keylime
(pip)
Feb 14, 2025
Denial of Service attack on windows app using Netty
Moderate
CVE-2025-25193
was published
for
io.netty:netty-common
(Maven)
Feb 10, 2025
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Moderate
CVE-2024-22195
was published
for
jinja2
(pip)
Jan 11, 2024
ProTip!
Advisories are also available from the
GraphQL API