GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Moderate
GHSA-7h5v-85w9-pq6c
was published
for
matrix-synapse
(pip)
May 19, 2021
Uncontrolled Resource Consumption in pillow
Moderate
GHSA-jgpv-4h4c-xhw3
was published
for
pillow
(pip)
Apr 23, 2021
tkvideo has a memory issue in playing videos
Moderate
CVE-2022-24902
was published
for
tkvideoplayer
(pip)
May 3, 2022
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
Moderate
CVE-2015-5286
was published
for
glance
(pip)
May 17, 2022
Uncontrolled Resource Consumption in Matrix Synapse
Moderate
CVE-2022-41952
was published
for
matrix-synapse
(pip)
Apr 1, 2022
Denial of service in `tf.ragged.constant` due to lack of validation
Moderate
CVE-2022-29202
was published
for
tensorflow
(pip)
May 24, 2022
Ethereum ABI decoder DoS when parsing ZST
Moderate
GHSA-rqr8-pxh7-cq3g
was published
for
eth-abi
(pip)
Nov 24, 2023
Zope Server vulnerable to DoS via header injection
Moderate
CVE-2002-0687
was published
for
zope
(pip)
Apr 30, 2022
Withdrawn: scipy memory leak vulnerability
Moderate
CVE-2023-25399
was published
for
scipy
(pip)
Jul 5, 2023
•
withdrawn
openstack-neutron uncontrolled resource consumption flaw
Moderate
CVE-2022-3277
was published
for
neutron
(pip)
Mar 7, 2023
Improper line feed handling in zenml
Moderate
CVE-2024-4460
was published
for
zenml
(pip)
Jun 24, 2024
Duplicate Advisory: Apache Superset uncontrolled resource consumption
Moderate
CVE-2024-23952
was published
for
apache-superset
(pip)
May 30, 2024
•
withdrawn
Apache Superset uncontrolled resource consumption
Moderate
CVE-2023-46104
was published
for
apache-superset
(pip)
Dec 19, 2023
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
CVE-2024-3651
was published
for
idna
(pip)
Apr 11, 2024
Django memory consumption vulnerability
Moderate
CVE-2024-41989
was published
for
Django
(pip)
Aug 7, 2024
zipp Denial of Service vulnerability
Moderate
CVE-2024-5569
was published
for
zipp
(pip)
Jul 9, 2024
python-jose denial of service via compressed JWE content
Moderate
CVE-2024-33664
was published
for
python-jose
(pip)
Apr 26, 2024
vLLM Denial of Service via the best_of parameter
Moderate
CVE-2024-8939
was published
for
vllm
(pip)
Sep 17, 2024
Django is vulnerable to Denial of Service attack in formset
Moderate
CVE-2013-0306
was published
for
Django
(pip)
May 5, 2022
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Moderate
CVE-2023-41164
was published
for
django
(pip)
Nov 3, 2023
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
Moderate
CVE-2021-21419
was published
for
eventlet
(pip)
May 7, 2021
Sydent DoS (via resource exhaustion) due to improper input validation
Moderate
CVE-2021-29433
was published
for
matrix-sydent
(pip)
Apr 16, 2021
Regular Expression Denial of Service (ReDoS) in Jinja2
Moderate
CVE-2020-28493
was published
for
jinja2
(pip)
Mar 19, 2021
Denial of service attack via .well-known lookups
Moderate
CVE-2021-21274
was published
for
matrix-synapse
(pip)
Mar 1, 2021
ProTip!
Advisories are also available from the
GraphQL API