GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
120 advisories
Django DoS in django.views.static.serve
Severity: High. CVE-2015-0221 was published for Django (pip) on May 17, 2022.

Django is vulnerable to Denial of Service attack in formset
Severity: Moderate. CVE-2013-0306 was published for Django (pip) on May 5, 2022.

Django ReDoS in validators.URLValidator
Severity: High. CVE-2015-5145 was published for Django (pip) on May 17, 2022.

Django Denial of Service Vulnerability in the authentication framework
Severity: High. CVE-2013-1443 was published for Django (pip) on May 17, 2022.

Django denial of service via file upload naming
Severity: High. CVE-2014-0481 was published for Django (pip) on May 14, 2022.

vLLM Denial of Service via the best_of parameter
Severity: Moderate. CVE-2024-8939 was published for vllm (pip) on Sep 17, 2024.

Django Image Field Vulnerable to Image Decompression Bombs
Severity: High. CVE-2012-3443 was published for Django (pip) on May 17, 2022.

Django Regex Algorithmic Complexity Causes Denial of Service
Severity: High. CVE-2009-3695 was published for Django (pip) on May 2, 2022.

Django vulnerable to Denial of Service via i18n middleware component
Severity: Moderate. CVE-2007-5712 was published for Django (pip) on May 1, 2022.

Regular Expression Denial of Service in CairoSVG
Severity: High. CVE-2021-21236 was published for CairoSVG (pip) on Jan 6, 2021.

Apprise vulnerable to regex injection with IFTTT Plugin
Severity: High. CVE-2021-39229 was published for apprise (pip) on Sep 20, 2021.

Apache IoTDB subject to ReDOS with Java 8
Severity: High. CVE-2022-43766 was published for apache-iotdb (Maven) on Oct 26, 2022.

Apache Airflow denial of service vulnerability
Severity: High. CVE-2023-37379 was published for apache-airflow (pip) on Aug 23, 2023.

regular expression denial-of-service (ReDoS) in Bleach
Severity: High. CVE-2020-6817 was published for bleach (pip) on Mar 30, 2020.

python-jose denial of service via compressed JWE content
Severity: Moderate. CVE-2024-33664 was published for python-jose (pip) on Apr 26, 2024.

Fiona affected by CVE-2020-14152 related to madler-zlib
Severity: High. GHSA-g4m4-9q4c-mfw6 was published for fiona (pip) on Jul 16, 2024.

zipp Denial of Service vulnerability
Severity: Moderate. CVE-2024-5569 was published for zipp (pip) on Jul 9, 2024.

Django memory consumption vulnerability
Severity: Moderate. CVE-2024-41989 was published for Django (pip) on Aug 7, 2024.

Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Severity: Moderate. CVE-2024-3651 was published for idna (pip) on Apr 11, 2024.

Django Denial-of-service in django.utils.text.Truncator
Severity: High. CVE-2019-14232 was published for django (pip) on Aug 6, 2019.

OpenStack Storlets arbitrary code execution vulnerability
Severity: High. CVE-2024-28717 was published for storlets (pip) on Apr 22, 2024.

h2o vulnerable to unexpected POST request shutting down server
Severity: High. CVE-2024-5979 was published for h2o (pip) on Jun 27, 2024.

Apache Superset uncontrolled resource consumption
Severity: Moderate. CVE-2023-46104 was published for apache-superset (pip) on Dec 19, 2023.

ProTip! Advisories are also available from the GraphQL API.