GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
833 advisories
Filter by severity
Uncontrolled resource consumption in nokogiri
Moderate
CVE-2017-18258
was published
for
nokogiri
(RubyGems)
Apr 13, 2018
Denial of Service vulnerability with large JSON payloads in fastify
High
CVE-2018-3711
was published
for
fastify
(npm)
Jul 18, 2018
Regular Expression Denial of Service in sshpk
High
CVE-2018-3737
was published
for
sshpk
(npm)
Aug 15, 2018
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
High
CVE-2018-1274
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Uncontrolled Memory Consumption in Django
High
CVE-2019-6975
was published
for
Django
(pip)
Feb 12, 2019
Denial of Service Vulnerability in Action View
High
CVE-2019-5419
was published
for
actionview
(RubyGems)
Mar 13, 2019
Django Denial-of-service by filling session store
High
CVE-2015-5143
was published
for
Django
(pip)
Jul 5, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
High
CVE-2019-10094
was published
for
org.apache.tika:tika-core
(Maven)
Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
Moderate
CVE-2019-10093
was published
for
org.apache.tika:tika-parsers
(Maven)
Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
High
CVE-2019-10088
was published
for
org.apache.tika:tika-core
(Maven)
Aug 6, 2019
Out-of-Memory Error in Bouncy Castle Crypto
High
CVE-2019-17359
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2019
DOS attack in Pillow when processing specially crafted image files
High
CVE-2019-16865
was published
for
pillow
(pip)
Oct 22, 2019
Potential DOS attack due to unrestricted attachment count in messages
Moderate
CVE-2019-12406
was published
for
org.apache.cxf:apache-cxf
(Maven)
Nov 8, 2019
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
Moderate
CVE-2019-16770
was published
for
puma
(RubyGems)
Dec 5, 2019
Denial of Service in Cryptacular
High
CVE-2020-7226
was published
for
org.cryptacular:cryptacular
(Maven)
Jun 10, 2020
Denial of Service in Netty
High
CVE-2020-11612
was published
for
io.netty:netty-handler
(Maven)
Jun 15, 2020
Denial of Service in Google Guava
Moderate
CVE-2018-10237
was published
for
com.google.guava:guava
(Maven)
Jun 15, 2020
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
Denial of service in tensorflow-lite
Moderate
CVE-2020-15213
was published
for
tensorflow
(pip)
Sep 25, 2020
Unbounded connection acceptance leads to file handle exhaustion
High
CVE-2021-21293
was published
for
org.http4s:blaze-core_2.11
(Maven)
Feb 2, 2021
Unbounded connection acceptance in http4s-blaze-server
High
CVE-2021-21294
was published
for
org.http4s:http4s-blaze-server_2.12
(Maven)
Feb 2, 2021
Denial of service attack via .well-known lookups
Moderate
CVE-2021-21274
was published
for
matrix-synapse
(pip)
Mar 1, 2021
Sydent vulnerable to denial of service attack via memory exhaustion
High
CVE-2021-29430
was published
for
matrix-sydent
(pip)
Apr 19, 2021
Allocation of Resources Without Limits or Throttling in Undertow
High
CVE-2020-10705
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
ProTip!
Advisories are also available from the
GraphQL API