GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
120 advisories
Filter by severity
plone.rest vulnerable to Denial of Service when ++api++ is used many times
High
CVE-2023-42457
was published
for
plone.rest
(pip)
Sep 21, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads
Low
CVE-2023-37481
was published
for
ethyca-fides
(pip)
Jul 18, 2023
Fides Webserver Vulnerable to Zip Bomb File Uploads
Low
CVE-2023-37480
was published
for
ethyca-fides
(pip)
Jul 18, 2023
Withdrawn: scipy memory leak vulnerability
Moderate
CVE-2023-25399
was published
for
scipy
(pip)
Jul 5, 2023
•
withdrawn
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Moderate
CVE-2022-39374
was published
for
matrix-synapse
(pip)
May 24, 2023
Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
High
CVE-2023-30798
was published
for
starlette
(pip)
Apr 21, 2023
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Moderate
CVE-2023-28837
was published
for
wagtail
(pip)
Apr 3, 2023
zstd vulnerable to buffer overrun
High
CVE-2022-4899
was published
for
github.com/facebook/zstd
(pip)
Mar 31, 2023
openstack-neutron uncontrolled resource consumption flaw
Moderate
CVE-2022-3277
was published
for
neutron
(pip)
Mar 7, 2023
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
MultipartParser denial of service with too many fields or files
Moderate
GHSA-74m5-2c7w-9w3x
was published
for
starlette
(pip)
Feb 14, 2023
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
Pillow subject to DoS via SAMPLESPERPIXEL tag
High
CVE-2022-45199
was published
for
pillow
(pip)
Nov 14, 2022
Apache IoTDB subject to ReDOS with Java 8
High
CVE-2022-43766
was published
for
apache-iotdb
(Maven)
Oct 26, 2022
Hyperledger indy-node vulnerable to denial of service
High
CVE-2022-31006
was published
for
indy-node
(pip)
Sep 16, 2022
VTK NULL pointer dereference vulnerability
High
CVE-2021-42521
was published
for
vtk
(pip)
Aug 26, 2022
Uncontrolled Resource Consumption in asyncua and opcua
High
CVE-2022-25304
was published
for
asyncua
(pip)
Aug 24, 2022
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
High
CVE-2022-24294
was published
for
mxnet
(pip)
Jul 25, 2022
SystemDS CPU exhaustion vulnerability
High
CVE-2022-26477
was published
for
org.apache.systemds:systemds
(Maven)
Jun 28, 2022
Denial of service in `tf.ragged.constant` due to lack of validation
Moderate
CVE-2022-29202
was published
for
tensorflow
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API