GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
Moderate
CVE-2021-21419
was published
for
eventlet
(pip)
May 7, 2021
Django Denial-of-service in django.utils.text.Truncator
Moderate
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Moderate
CVE-2023-41164
was published
for
django
(pip)
Nov 3, 2023
Django is vulnerable to Denial of Service attack in formset
Moderate
CVE-2013-0306
was published
for
Django
(pip)
May 5, 2022
vLLM Denial of Service via the best_of parameter
Moderate
CVE-2024-8939
was published
for
vllm
(pip)
Sep 17, 2024
Django vulnerable to Denial of Service via i18n middleware component
Moderate
CVE-2007-5712
was published
for
Django
(pip)
May 1, 2022
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Moderate
GHSA-mmwx-rj87-vfgr
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
OCI image importer memory exhaustion in github.com/containerd/containerd
Moderate
CVE-2023-25153
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
python-jose denial of service via compressed JWE content
Moderate
CVE-2024-33664
was published
for
python-jose
(pip)
Apr 26, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Moderate
CVE-2024-43806
was published
for
rustix
(Rust)
Oct 18, 2023
Mattermost Plugin Channel Export excessive resource consumption
Moderate
CVE-2024-43105
was published
for
github.com/mattermost/mattermost-plugin-channel-export
(Go)
Aug 23, 2024
Kwik does not discard unused encryption keys
Moderate
CVE-2024-22588
was published
for
tech.kwik:kwik
(Maven)
May 24, 2024
fugit parse and parse_nat stall on lengthy input
Moderate
CVE-2024-43380
was published
for
fugit
(RubyGems)
Aug 19, 2024
Stack overflow when parsing specially crafted JSON ABI strings
Moderate
GHSA-8327-84cj-8xjm
was published
for
alloy-json-abi
(Rust)
Aug 15, 2024
jose4j denial of service via specifically crafted JWE
Moderate
CVE-2023-51775
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Feb 29, 2024
zipp Denial of Service vulnerability
Moderate
CVE-2024-5569
was published
for
zipp
(pip)
Jul 9, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Podman vulnerable to memory-based denial of service
Moderate
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
Django memory consumption vulnerability
Moderate
CVE-2024-41989
was published
for
Django
(pip)
Aug 7, 2024
ProTip!
Advisories are also available from the
GraphQL API