GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Improper Handling of Length Parameter Inconsistency in Compress
High
CVE-2021-35516
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress
High
CVE-2021-35517
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress
High
CVE-2021-36090
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Apache Ant
Moderate
CVE-2021-36373
was published
for
org.apache.ant:ant
(Maven)
Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Apache Ant
Moderate
CVE-2021-36374
was published
for
org.apache.ant:ant
(Maven)
Aug 2, 2021
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
High
GHSA-pv7r-9vjg-g3f9
was published
for
github.com/apple/swift-nio-http2
(Swift)
Feb 11, 2022
•
withdrawn
RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency
High
CVE-2022-2714
was published
for
francoisjacquet/rosariosis
(Composer)
Sep 7, 2022
rdiffweb's unlimited username field length can lead to DoS
High
CVE-2022-3290
was published
for
rdiffweb
(pip)
Sep 27, 2022
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
High
CVE-2022-24666
was published
for
github.com/apple/swift-nio-http2
(Swift)
May 18, 2023
Improper handling of NTS cookie length that could crash the ntpd-rs server
High
CVE-2023-33192
was published
for
ntpd
(Rust)
May 25, 2023
Jetty accepts "+" prefixed value in Content-Length
Moderate
CVE-2023-40167
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Sep 14, 2023
Out of memory error when submitting the dataset form with a specially-crafted field
Moderate
CVE-2023-50248
was published
for
ckan
(pip)
Dec 13, 2023
Django vulnerable to Denial of Service
High
CVE-2024-38875
was published
for
Django
(pip)
Jul 10, 2024
Django vulnerable to Denial of Service
High
CVE-2024-39614
was published
for
Django
(pip)
Jul 10, 2024
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Low
CVE-2024-42460
was published
for
elliptic
(npm)
Aug 2, 2024
Django vulnerable to a denial-of-service attack
Moderate
CVE-2024-41990
was published
for
Django
(pip)
Aug 7, 2024
Django vulnerable to denial-of-service attack
Moderate
CVE-2024-41991
was published
for
Django
(pip)
Aug 7, 2024
rPGP Panics on Malformed Untrusted Input
High
CVE-2024-53856
was published
for
pgp
(Rust)
Dec 5, 2024
ProTip!
Advisories are also available from the
GraphQL API