GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
440 advisories
Filter by severity
Denial of Service attack on windows app using netty
High
CVE-2024-47535
was published
for
io.netty:netty-common
(Maven)
Nov 12, 2024
json-io vulnerable to stack exhaustion
High
CVE-2023-34610
was published
for
com.cedarsoftware:json-io
(Maven)
Jun 14, 2023
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
kangax html-minifier REDoS vulnerability
High
CVE-2022-37620
was published
for
html-minifier
(npm)
Oct 31, 2022
Denial of Service in Connect2id Nimbus JOSE+JWT
High
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
MultipartParser denial of service with too many fields or files
High
CVE-2023-30798
was published
for
starlette
(pip)
Feb 14, 2023
Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
High
GHSA-3qj8-93xh-pwh2
was published
for
starlette
(pip)
Apr 21, 2023
•
withdrawn
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
SystemDS CPU exhaustion vulnerability
High
CVE-2022-26477
was published
for
org.apache.systemds:systemds
(Maven)
Jun 28, 2022
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
High
CVE-2021-32839
was published
for
sqlparse
(pip)
Sep 10, 2021
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
PyKMIP Denial of service vulnerability
High
CVE-2018-1000872
was published
for
pykmip
(pip)
Dec 21, 2018
Denial of service in http-proxy-middleware
High
CVE-2024-21536
was published
for
http-proxy-middleware
(npm)
Oct 19, 2024
SaltStack Salt Denial of Service via a crafted authentication request
High
CVE-2017-14696
was published
for
salt
(pip)
May 17, 2022
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
py vulnerable to Regular Expression Denial of Service
High
CVE-2020-29651
was published
for
py
(pip)
Apr 20, 2021
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162
was published
for
io.undertow:undertow-core
(Maven)
Jun 20, 2024
Podman vulnerable to memory-based denial of service
High
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
Uncontrolled Resource Consumption in Pillow
High
CVE-2021-28677
was published
for
Pillow
(pip)
Jun 8, 2021
Plone denial of service via Caching Bypass
High
CVE-2012-5498
was published
for
Plone
(pip)
May 17, 2022
Pillow Denial of Service vulnerability
High
CVE-2023-44271
was published
for
pillow
(pip)
Nov 3, 2023
Pygments vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2021-27291
was published
for
Pygments
(pip)
Mar 29, 2021
ProTip!
Advisories are also available from the
GraphQL API