GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
High
CVE-2021-32839
was published
for
sqlparse
(pip)
Sep 10, 2021
SystemDS CPU exhaustion vulnerability
High
CVE-2022-26477
was published
for
org.apache.systemds:systemds
(Maven)
Jun 28, 2022
Hyperledger indy-node vulnerable to denial of service
High
CVE-2022-31006
was published
for
indy-node
(pip)
Sep 16, 2022
Uncontrolled Resource Consumption in urllib3
High
CVE-2020-7212
was published
for
urllib3
(pip)
Apr 30, 2021
Denial of Service in Onionshare
High
CVE-2022-21689
was published
for
onionshare-cli
(pip)
Jan 21, 2022
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
High
CVE-2015-5162
was published
for
cinder
(pip)
May 14, 2022
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
High
CVE-2022-24294
was published
for
mxnet
(pip)
Jul 25, 2022
Uncontrolled Resource Consumption in asyncua and opcua
High
CVE-2022-25304
was published
for
asyncua
(pip)
Aug 24, 2022
VTK NULL pointer dereference vulnerability
High
CVE-2021-42521
was published
for
vtk
(pip)
Aug 26, 2022
Uncontrolled Resource Consumption in Apache DolphinScheduler
High
CVE-2022-25598
was published
for
apache-dolphinscheduler
(Maven)
Mar 31, 2022
py vulnerable to Regular Expression Denial of Service
High
CVE-2020-29651
was published
for
py
(pip)
Apr 20, 2021
Pygments vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2021-27291
was published
for
Pygments
(pip)
Mar 29, 2021
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
websockets is vulnerable to denial of service by memory exhaustion
High
CVE-2018-1000518
was published
for
websockets
(pip)
Sep 17, 2018
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
High
CVE-2021-33503
was published
for
urllib3
(pip)
Jun 1, 2021
Pillow subject to DoS via SAMPLESPERPIXEL tag
High
CVE-2022-45199
was published
for
pillow
(pip)
Nov 14, 2022
zstd vulnerable to buffer overrun
High
CVE-2022-4899
was published
for
github.com/facebook/zstd
(pip)
Mar 31, 2023
Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
High
CVE-2023-30798
was published
for
starlette
(pip)
Apr 21, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times
High
CVE-2023-42457
was published
for
plone.rest
(pip)
Sep 21, 2023
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
High
CVE-2023-43810
was published
for
opentelemetry-instrumentation
(pip)
Oct 2, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
Duplicate Advisory: Starlette Content-Type Header ReDoS
High
GHSA-93gm-qmq6-w238
was published
for
starlette
(pip)
Feb 5, 2024
•
withdrawn
Duplicate Advisory: FastAPI Content-Type Header ReDoS
High
GHSA-qf9m-vfgh-m389
was published
for
fastapi
(pip)
Feb 5, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API