GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

66 advisories

SystemDS CPU exhaustion vulnerability High
CVE-2022-26477 was published for org.apache.systemds:systemds (Maven) Jun 28, 2022
Hyperledger indy-node vulnerable to denial of service High
CVE-2022-31006 was published for indy-node (pip) Sep 16, 2022
cre8
Uncontrolled Resource Consumption in urllib3 High
CVE-2020-7212 was published for urllib3 (pip) Apr 30, 2021
Denial of Service in Onionshare High
CVE-2022-21689 was published for onionshare-cli (pip) Jan 21, 2022
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption High
CVE-2015-5162 was published for cinder (pip) May 14, 2022
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
das7pad
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption High
CVE-2022-24294 was published for mxnet (pip) Jul 25, 2022
raboof
Uncontrolled Resource Consumption in asyncua and opcua High
CVE-2022-25304 was published for asyncua (pip) Aug 24, 2022
GoetzGoerisch tdunlap607
VTK NULL pointer dereference vulnerability High
CVE-2021-42521 was published for vtk (pip) Aug 26, 2022
Stack overflow in TensorFlow High
CVE-2022-23591 was published for tensorflow (pip) Feb 9, 2022
Uncontrolled Resource Consumption in Apache DolphinScheduler High
CVE-2022-25598 was published for apache-dolphinscheduler (Maven) Mar 31, 2022
py vulnerable to Regular Expression Denial of Service High
CVE-2020-29651 was published for py (pip) Apr 20, 2021
Pygments vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-27291 was published for Pygments (pip) Mar 29, 2021
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
websockets is vulnerable to denial of service by memory exhaustion High
CVE-2018-1000518 was published for websockets (pip) Sep 17, 2018
ericwb
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters High
CVE-2021-33503 was published for urllib3 (pip) Jun 1, 2021
NariyoshiChida ap-wtioit
Pillow subject to DoS via SAMPLESPERPIXEL tag High
CVE-2022-45199 was published for pillow (pip) Nov 14, 2022
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times High
CVE-2023-42457 was published for plone.rest (pip) Sep 21, 2023
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics High
CVE-2023-43810 was published for opentelemetry-instrumentation (pip) Oct 2, 2023
programmer04
Duplicate Advisory: Starlette Content-Type Header ReDoS High
GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 withdrawn
tiangolo nicecatch2000
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw
garyd203 levpachmanov