GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
71 advisories
Filter by severity
Hyperledger indy-node vulnerable to denial of service
High
CVE-2022-31006
was published
for
indy-node
(pip)
Sep 16, 2022
Uncontrolled Resource Consumption in urllib3
High
CVE-2020-7212
was published
for
urllib3
(pip)
Apr 30, 2021
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
High
CVE-2015-5162
was published
for
cinder
(pip)
May 14, 2022
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
High
CVE-2022-24294
was published
for
mxnet
(pip)
Jul 25, 2022
Uncontrolled Resource Consumption in asyncua and opcua
High
CVE-2022-25304
was published
for
asyncua
(pip)
Aug 24, 2022
VTK NULL pointer dereference vulnerability
High
CVE-2021-42521
was published
for
vtk
(pip)
Aug 26, 2022
Uncontrolled Resource Consumption in Apache DolphinScheduler
High
CVE-2022-25598
was published
for
apache-dolphinscheduler
(Maven)
Mar 31, 2022
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
websockets is vulnerable to denial of service by memory exhaustion
High
CVE-2018-1000518
was published
for
websockets
(pip)
Sep 17, 2018
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
High
CVE-2021-33503
was published
for
urllib3
(pip)
Jun 1, 2021
zstd vulnerable to buffer overrun
High
CVE-2022-4899
was published
for
github.com/facebook/zstd
(pip)
Mar 31, 2023
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
High
CVE-2023-43810
was published
for
opentelemetry-instrumentation
(pip)
Oct 2, 2023
Duplicate Advisory: Starlette Content-Type Header ReDoS
High
GHSA-93gm-qmq6-w238
was published
for
starlette
(pip)
Feb 5, 2024
•
withdrawn
Duplicate Advisory: FastAPI Content-Type Header ReDoS
High
GHSA-qf9m-vfgh-m389
was published
for
fastapi
(pip)
Feb 5, 2024
•
withdrawn
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
High
CVE-2017-17051
was published
for
nova
(pip)
May 13, 2022
h2o vulnerable to unexpected POST request shutting down server
High
CVE-2024-5979
was published
for
h2o
(pip)
Jun 27, 2024
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
Fiona affected by CVE-2020-14152 related to madler-zlib
High
GHSA-g4m4-9q4c-mfw6
was published
for
fiona
(pip)
Jul 16, 2024
regular expression denial-of-service (ReDoS) in Bleach
High
CVE-2020-6817
was published
for
bleach
(pip)
Mar 30, 2020
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Apache IoTDB subject to ReDOS with Java 8
High
CVE-2022-43766
was published
for
apache-iotdb
(Maven)
Oct 26, 2022
Apprise vulnerable to regex injection with IFTTT Plugin
High
CVE-2021-39229
was published
for
apprise
(pip)
Sep 20, 2021
ProTip!
Advisories are also available from the
GraphQL API