GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,251
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
449 advisories
Filter by severity
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
High
CVE-2024-47554
was published
for
commons-io:commons-io
(Maven)
Oct 3, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162
was published
for
io.undertow:undertow-core
(Maven)
Jun 20, 2024
Zope Denial of Service (DoS) vulnerability in ZServer
High
CVE-2010-3198
was published
for
Zope
(pip)
May 17, 2022
MoinMoin Denial of Service vulnerability via password_checker function
High
CVE-2008-6549
was published
for
moin
(pip)
May 17, 2022
Designate mDNS DoS through incorrect handling of large RecordSets
High
CVE-2015-5695
was published
for
designate
(pip)
May 17, 2022
XNIO denial of service vulnerability
High
CVE-2023-5685
was published
for
org.jboss.xnio:xnio-api
(Maven)
Mar 22, 2024
Tornado has an HTTP cookie parsing DoS vulnerability
High
CVE-2024-52804
was published
for
tornado
(pip)
Nov 22, 2024
zstd vulnerable to buffer overrun
High
CVE-2022-4899
was published
for
github.com/facebook/zstd
(pip)
Mar 31, 2023
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
websockets is vulnerable to denial of service by memory exhaustion
High
CVE-2018-1000518
was published
for
websockets
(pip)
Sep 17, 2018
VTK NULL pointer dereference vulnerability
High
CVE-2021-42521
was published
for
vtk
(pip)
Aug 26, 2022
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
High
CVE-2021-33503
was published
for
urllib3
(pip)
Jun 1, 2021
Uncontrolled Resource Consumption in urllib3
High
CVE-2020-7212
was published
for
urllib3
(pip)
Apr 30, 2021
Trac reStructuredText breach of privacy and denial of service vulnerability
High
CVE-2006-3695
was published
for
trac
(pip)
May 1, 2022
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
High
GHSA-mmwx-rj87-vfgr
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
High
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
Mattermost vulnerable to denial of service via large number of emoji reactions
High
CVE-2024-1402
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Django Denial-of-service in django.utils.text.Truncator
High
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
Django vulnerable to Denial of Service via i18n middleware component
High
CVE-2007-5712
was published
for
Django
(pip)
May 1, 2022
json-io vulnerable to stack exhaustion
High
CVE-2023-34610
was published
for
com.cedarsoftware:json-io
(Maven)
Jun 14, 2023
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
kangax html-minifier REDoS vulnerability
High
CVE-2022-37620
was published
for
html-minifier
(npm)
Oct 31, 2022
ProTip!
Advisories are also available from the
GraphQL API