Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
vLLM Denial of Service via the best_of parameter Moderate
CVE-2024-8939 was published for vllm (pip) Sep 17, 2024
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Improper line feed handling in zenml Moderate
CVE-2024-4460 was published for zenml (pip) Jun 24, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain-community (pip) Jun 6, 2024
eyurtsev efriis
Duplicate Advisory: Apache Superset uncontrolled resource consumption Moderate
CVE-2024-23952 was published for apache-superset (pip) May 30, 2024 withdrawn
python-jose denial of service via compressed JWE content Moderate
CVE-2024-33664 was published for python-jose (pip) Apr 26, 2024
garyd203
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value Moderate
CVE-2023-6681 was published for jwcrypto (pip) Dec 28, 2023
Apache Superset uncontrolled resource consumption Moderate
CVE-2023-46104 was published for apache-superset (pip) Dec 19, 2023
Ethereum ABI decoder DoS when parsing ZST Moderate
GHSA-rqr8-pxh7-cq3g was published for eth-abi (pip) Nov 24, 2023
maxammann
Django Denial-of-service in django.utils.text.Truncator Moderate
CVE-2023-43665 was published for django (pip) Nov 3, 2023
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri Moderate
CVE-2023-41164 was published for django (pip) Nov 3, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning Moderate
CVE-2023-46136 was published for werkzeug (pip) Oct 25, 2023
psrok1 davidism
Denial of service in neutron Moderate
CVE-2023-3637 was published for neutron (pip) Jul 25, 2023
Withdrawn: scipy memory leak vulnerability Moderate
CVE-2023-25399 was published for scipy (pip) Jul 5, 2023 withdrawn
Synapse Denial of service due to incorrect application of event authorization rules during state resolution Moderate
CVE-2022-39374 was published for matrix-synapse (pip) May 24, 2023
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files Moderate
CVE-2023-28837 was published for wagtail (pip) Apr 3, 2023
RealOrangeOne
openstack-neutron uncontrolled resource consumption flaw Moderate
CVE-2022-3277 was published for neutron (pip) Mar 7, 2023
MultipartParser denial of service with too many fields or files Moderate
GHSA-74m5-2c7w-9w3x was published for starlette (pip) Feb 14, 2023
das7pad
ReDoS issue in dparse Moderate
CVE-2022-39280 was published for dparse (pip) Sep 27, 2022
Denial of service in `tf.ragged.constant` due to lack of validation Moderate
CVE-2022-29202 was published for tensorflow (pip) May 24, 2022
OpenStack Mistral DoS Moderate
CVE-2018-16848 was published for mistral (pip) May 24, 2022
MoinMoin Denial of Service vulnerability via password_checker function Moderate
CVE-2008-6549 was published for moin (pip) May 17, 2022
Zope Denial of Service (DoS) vulnerability in ZServer Moderate
CVE-2010-3198 was published for Zope (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API