GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Stack overflow due to looping TFLite subgraph
High
CVE-2021-29591
was published
for
tensorflow
(pip)
May 21, 2021
Stack overflow in `ParseAttrValue` with nested tensors
Low
CVE-2021-29615
was published
for
tensorflow
(pip)
May 21, 2021
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
orjson does not limit recursion for deeply nested JSON documents
High
CVE-2024-27454
was published
for
orjson
(pip)
Feb 26, 2024
sqlparse parsing heavily nested list leads to Denial of Service
High
CVE-2024-4340
was published
for
sqlparse
(pip)
Apr 15, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
High
GHSA-62qf-jcq8-8gxw
was published
for
sqlparse
(pip)
Apr 30, 2024
•
withdrawn
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain
(pip)
Jun 6, 2024
freewvs's nested directory structure can interrupt scan
Low
CVE-2020-15101
was published
for
freewvs
(pip)
Aug 30, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
ProTip!
Advisories are also available from the
GraphQL API