GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
120 advisories
Uncontrolled Resource Consumption in Indy Node
Severity: High. CVE-2020-11090 was published for indy-node (pip) on Jun 11, 2020.

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Severity: Moderate. GHSA-7h5v-85w9-pq6c was published for matrix-synapse (pip) on May 19, 2021.

Uncontrolled Resource Consumption in pillow
Severity: Moderate. GHSA-jgpv-4h4c-xhw3 was published for pillow (pip) on Apr 23, 2021.

StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Severity: High. CVE-2021-32839 was published for sqlparse (pip) on Sep 10, 2021.

Sydent DoS (via resource exhaustion) due to improper input validation
Severity: Moderate. CVE-2021-29433 was published for matrix-sydent (pip) on Apr 16, 2021.

Uncontrolled Resource Consumption in pyftpdlib
Severity: Moderate. CVE-2009-5013 was published for pyftpdlib (pip) on May 2, 2022.

Denial of service attack via .well-known lookups
Severity: Moderate. CVE-2021-21274 was published for matrix-synapse (pip) on Mar 1, 2021.

SystemDS CPU exhaustion vulnerability
Severity: High. CVE-2022-26477 was published for org.apache.systemds:systemds (Maven) on Jun 28, 2022.

Sydent vulnerable to denial of service attack via memory exhaustion
Severity: High. CVE-2021-29430 was published for matrix-sydent (pip) on Apr 19, 2021.

tkvideo has a memory issue in playing videos
Severity: Moderate. CVE-2022-24902 was published for tkvideoplayer (pip) on May 3, 2022.

Hyperledger indy-node vulnerable to denial of service
Severity: High. CVE-2022-31006 was published for indy-node (pip) on Sep 16, 2022.

Regular Expression Denial of Service (REDoS) in httplib2
Severity: Low. CVE-2021-21240 was published for httplib2 (pip) on Feb 8, 2021.

Denial of service attack via push rule patterns in matrix-synapse
Severity: Low. CVE-2021-29471 was published for matrix-synapse (pip) on May 13, 2021.

Uncontrolled Resource Consumption in urllib3
Severity: High. CVE-2020-7212 was published for urllib3 (pip) on Apr 30, 2021.

Regular Expression Denial of Service in flask-restx
Severity: High. CVE-2021-32838 was published for flask-restx (pip) on Sep 8, 2021.

Denial of service attack via incorrect parameters in Matrix Synapse
Severity: Moderate. CVE-2020-26257 was published for matrix-synapse (pip) on Dec 9, 2020.

Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
Severity: High. CVE-2021-43854 was published for nltk (pip) on Jan 6, 2022.

Denial of Service in Onionshare
Severity: High. CVE-2022-21689 was published for onionshare-cli (pip) on Jan 21, 2022.

Memory exhaustion in Tensorflow
Severity: Moderate. CVE-2022-21732 was published for tensorflow (pip) on Feb 10, 2022.

Memory exhaustion in Tensorflow
Severity: Moderate. CVE-2022-21733 was published for tensorflow (pip) on Feb 10, 2022.

OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
Severity: Moderate. CVE-2015-5286 was published for glance (pip) on May 17, 2022.

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
Severity: High. CVE-2015-5162 was published for cinder (pip) on May 14, 2022.
ProTip! Advisories are also available from the GraphQL API.