Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,126
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

126 advisories

Loading
Django Denial-of-service in django.utils.text.Truncator High
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri Moderate
CVE-2023-41164 was published for django (pip) Nov 3, 2023
Django potential denial of service vulnerability in UsernameField on Windows High
CVE-2023-46695 was published for Django (pip) Nov 2, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning Moderate
CVE-2023-46136 was published for werkzeug (pip) Oct 25, 2023
psrok1 davidism
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics High
CVE-2023-43810 was published for opentelemetry-instrumentation (pip) Oct 2, 2023
programmer04
plone.rest vulnerable to Denial of Service when ++api++ is used many times Moderate
CVE-2023-42457 was published for plone.rest (pip) Sep 21, 2023
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Denial of service in neutron Moderate
CVE-2023-3637 was published for neutron (pip) Jul 25, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
Withdrawn: scipy memory leak vulnerability Moderate
CVE-2023-25399 was published for scipy (pip) Jul 5, 2023 withdrawn
Synapse Denial of service due to incorrect application of event authorization rules during state resolution High
CVE-2022-39374 was published for matrix-synapse (pip) May 24, 2023
Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files High
GHSA-3qj8-93xh-pwh2 was published for starlette (pip) Apr 21, 2023 withdrawn
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files Moderate
CVE-2023-28837 was published for wagtail (pip) Apr 3, 2023
RealOrangeOne
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
openstack-neutron uncontrolled resource consumption flaw Moderate
CVE-2022-3277 was published for neutron (pip) Mar 7, 2023
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
das7pad
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
Resource exhaustion in Django High
CVE-2023-24580 was published for Django (pip) Feb 15, 2023
RamonvdW sunSUNQ
MultipartParser denial of service with too many fields or files High
CVE-2023-30798 was published for starlette (pip) Feb 14, 2023
das7pad
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Pillow subject to DoS via SAMPLESPERPIXEL tag High
CVE-2022-45199 was published for pillow (pip) Nov 14, 2022
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
ReDoS issue in dparse High
CVE-2022-39280 was published for dparse (pip) Sep 27, 2022
Hyperledger indy-node vulnerable to denial of service High
CVE-2022-31006 was published for indy-node (pip) Sep 16, 2022
cre8
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database