GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
78 advisories
Filter by severity
Zope Denial of Service (DoS) vulnerability in ZServer
High
CVE-2010-3198
was published
for
Zope
(pip)
May 17, 2022
MoinMoin Denial of Service vulnerability via password_checker function
High
CVE-2008-6549
was published
for
moin
(pip)
May 17, 2022
Designate mDNS DoS through incorrect handling of large RecordSets
High
CVE-2015-5695
was published
for
designate
(pip)
May 17, 2022
Tornado has an HTTP cookie parsing DoS vulnerability
High
CVE-2024-52804
was published
for
tornado
(pip)
Nov 22, 2024
zstd vulnerable to buffer overrun
High
CVE-2022-4899
was published
for
github.com/facebook/zstd
(pip)
Mar 31, 2023
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
websockets is vulnerable to denial of service by memory exhaustion
High
CVE-2018-1000518
was published
for
websockets
(pip)
Sep 17, 2018
VTK NULL pointer dereference vulnerability
High
CVE-2021-42521
was published
for
vtk
(pip)
Aug 26, 2022
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
High
CVE-2021-33503
was published
for
urllib3
(pip)
Jun 1, 2021
Uncontrolled Resource Consumption in urllib3
High
CVE-2020-7212
was published
for
urllib3
(pip)
Apr 30, 2021
Trac reStructuredText breach of privacy and denial of service vulnerability
High
CVE-2006-3695
was published
for
trac
(pip)
May 1, 2022
Django Denial-of-service in django.utils.text.Truncator
High
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
Django vulnerable to Denial of Service via i18n middleware component
High
CVE-2007-5712
was published
for
Django
(pip)
May 1, 2022
MultipartParser denial of service with too many fields or files
High
CVE-2023-30798
was published
for
starlette
(pip)
Feb 14, 2023
Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
High
GHSA-3qj8-93xh-pwh2
was published
for
starlette
(pip)
Apr 21, 2023
•
withdrawn
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
SystemDS CPU exhaustion vulnerability
High
CVE-2022-26477
was published
for
org.apache.systemds:systemds
(Maven)
Jun 28, 2022
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
High
CVE-2021-32839
was published
for
sqlparse
(pip)
Sep 10, 2021
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
PyKMIP Denial of service vulnerability
High
CVE-2018-1000872
was published
for
pykmip
(pip)
Dec 21, 2018
SaltStack Salt Denial of Service via a crafted authentication request
High
CVE-2017-14696
was published
for
salt
(pip)
May 17, 2022
py vulnerable to Regular Expression Denial of Service
High
CVE-2020-29651
was published
for
py
(pip)
Apr 20, 2021
Uncontrolled Resource Consumption in Pillow
High
CVE-2021-28677
was published
for
Pillow
(pip)
Jun 8, 2021
ProTip!
Advisories are also available from the
GraphQL API