GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
78 advisories
Filter by severity
Tornado has an HTTP cookie parsing DoS vulnerability
High
CVE-2024-52804
was published
for
tornado
(pip)
Nov 22, 2024
Fiona affected by CVE-2020-14152 related to madler-zlib
High
GHSA-g4m4-9q4c-mfw6
was published
for
fiona
(pip)
Jul 16, 2024
h2o vulnerable to unexpected POST request shutting down server
High
CVE-2024-5979
was published
for
h2o
(pip)
Jun 27, 2024
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
python-multipart vulnerable to Content-Type Header ReDoS
High
CVE-2024-24762
was published
for
python-multipart
(pip)
Feb 12, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS
High
GHSA-qf9m-vfgh-m389
was published
for
fastapi
(pip)
Feb 5, 2024
•
withdrawn
Duplicate Advisory: Starlette Content-Type Header ReDoS
High
GHSA-93gm-qmq6-w238
was published
for
starlette
(pip)
Feb 5, 2024
•
withdrawn
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
Django Denial-of-service in django.utils.text.Truncator
High
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
Pillow Denial of Service vulnerability
High
CVE-2023-44271
was published
for
pillow
(pip)
Nov 3, 2023
Django potential denial of service vulnerability in UsernameField on Windows
High
CVE-2023-46695
was published
for
Django
(pip)
Nov 2, 2023
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
High
CVE-2023-43810
was published
for
opentelemetry-instrumentation
(pip)
Oct 2, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
High
CVE-2022-39374
was published
for
matrix-synapse
(pip)
May 24, 2023
Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
High
GHSA-3qj8-93xh-pwh2
was published
for
starlette
(pip)
Apr 21, 2023
•
withdrawn
zstd vulnerable to buffer overrun
High
CVE-2022-4899
was published
for
github.com/facebook/zstd
(pip)
Mar 31, 2023
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
MultipartParser denial of service with too many fields or files
High
CVE-2023-30798
was published
for
starlette
(pip)
Feb 14, 2023
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
Pillow subject to DoS via SAMPLESPERPIXEL tag
High
CVE-2022-45199
was published
for
pillow
(pip)
Nov 14, 2022
Apache IoTDB subject to ReDOS with Java 8
High
CVE-2022-43766
was published
for
apache-iotdb
(Maven)
Oct 26, 2022
ProTip!
Advisories are also available from the
GraphQL API