Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
Missing rate limit on rdiffweb Moderate
CVE-2022-3456 was published for rdiffweb (pip) Oct 14, 2022
rdiffweb vulnerable to potential DoS via memory consumption High
CVE-2022-3298 was published for rdiffweb (pip) Sep 27, 2022
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks High
CVE-2022-3273 was published for rdiffweb (pip) Oct 6, 2022
Memory exhaustion in Tensorflow Moderate
CVE-2022-21732 was published for tensorflow (pip) Feb 10, 2022
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
mosaa404
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files Moderate
CVE-2023-28837 was published for wagtail (pip) Apr 3, 2023
RealOrangeOne
Uncontrolled Resource Consumption in asyncua and opcua High
CVE-2022-25304 was published for asyncua (pip) Aug 24, 2022
GoetzGoerisch tdunlap607
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
Twisted SSH client and server deny of service during SSH handshake. High
CVE-2022-21716 was published for twisted (pip) Mar 3, 2022
Idan-D vin01
RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-4138 was published for rdiffweb (pip) Aug 3, 2023
FaucetSDN Ryu Denial of Service Vulnerability High
CVE-2020-35139 was published for ryu (pip) Aug 11, 2023
FaucetSDN Ryu Denial of Service Vulnerability High
CVE-2020-35141 was published for ryu (pip) Aug 11, 2023
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability Moderate
CVE-2023-42504 was published for apache-superset (pip) Nov 28, 2023
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function Moderate
CVE-2024-28102 was published for jwcrypto (pip) Mar 6, 2024
P3ngu1nW
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning Critical
CVE-2019-15753 was published for os-vif (pip) May 24, 2022
Synapse V2 state resolution weakness allows Denial of Service (DoS) Moderate
CVE-2024-31208 was published for matrix-synapse (pip) Apr 23, 2024
alexeyshch
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service Critical
CVE-2024-32874 was published for frigate (pip) May 9, 2024
Sim4n6
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
levpachmanov
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
freewvs vulnerable to denial of service through large files Low
CVE-2020-15100 was published for freewvs (pip) Aug 30, 2024
priority vulnerable to denial of service Moderate
CVE-2016-6580 was published for priority (pip) May 17, 2022
Django denial of service via empty session record creation Moderate
CVE-2015-5963 was published for Django (pip) May 17, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database