Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

426 advisories

Loading
Code injection in FreeIPA High
CVE-2019-14867 was published for freeipa (pip) Dec 6, 2021
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage High
CVE-2019-1010083 was published for flask (pip) Jul 19, 2019
Ghcml
Regular Expression Denial of Service in flask-restx High
CVE-2021-32838 was published for flask-restx (pip) Sep 8, 2021
erik-krogh yoff
Django Denial-of-service in strip_tags() High
CVE-2019-14233 was published for Django (pip) Aug 6, 2019
Django Denial-of-service in django.utils.text.Truncator High
CVE-2019-14232 was published for Django (pip) Aug 6, 2019
Django potential denial of service vulnerability in UsernameField on Windows High
CVE-2023-46695 was published for Django (pip) Nov 2, 2023
Denial-of-service in Django High
CVE-2021-45115 was published for Django (pip) Jan 12, 2022
sunSUNQ
Resource exhaustion in Django High
CVE-2023-24580 was published for Django (pip) Feb 15, 2023
RamonvdW sunSUNQ
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Django DoS in django.views.static.serve High
CVE-2015-0221 was published for Django (pip) May 17, 2022
sunSUNQ
Django ReDoS in validators.URLValidator High
CVE-2015-5145 was published for Django (pip) May 17, 2022
Django Denial of Service Vulnerability in the authentication framework High
CVE-2013-1443 was published for Django (pip) May 17, 2022
Django denial of service via file upload naming High
CVE-2014-0481 was published for Django (pip) May 14, 2022
Django Image Field Vulnerable to Image Decompression Bombs High
CVE-2012-3443 was published for Django (pip) May 17, 2022
Django Regex Algorithmic Complexity Causes Denial of Service High
CVE-2009-3695 was published for Django (pip) May 2, 2022
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
Regular Expression Denial of Service in CairoSVG High
CVE-2021-21236 was published for CairoSVG (pip) Jan 6, 2021
b-c-ds
CoAPthon DoS due to Exceptions High
CVE-2018-12680 was published for CoAPthon (pip) Apr 8, 2019
Apprise vulnerable to regex injection with IFTTT Plugin High
CVE-2021-39229 was published for apprise (pip) Sep 20, 2021
kevinbackhouse erik-krogh
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
fast-xml-parser vulnerable to ReDOS at currency parsing High
CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024
Gauss-Security amitguptagwl
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API