GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
68 advisories
Uncontrolled resource consumption in validators Python package
Severity: High. CVE-2019-19588 was published for validators (pip) on Jan 21, 2020.
Stack overflow due to looping TFLite subgraph
Severity: High. CVE-2021-29591 was published for tensorflow (pip) on May 21, 2021.
MediaWiki Denial of Service vulnerability
Severity: High. CVE-2023-45363 was published for mediawiki/core (Composer) on Oct 9, 2023.
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
Severity: High. CVE-2016-6817 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.
Pylons Colander Denial of Service vulnerability
Severity: High. CVE-2017-18361 was published for colander (pip) on Feb 7, 2019.
Soot Infinite Loop vulnerability
Severity: High. CVE-2023-46442 was published for org.soot-oss:soot (Maven) on May 24, 2024.
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Severity: High. CVE-2022-0778 was published for openssl-src (Rust) on Mar 16, 2022.
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
Severity: High. CVE-2021-29482 was published for github.com/ulikunitz/xz (Go) on May 25, 2021.
Denial of Service Vulnerability in Rustls Library
Severity: High. CVE-2024-32650 was published for rustls (Rust) on Apr 19, 2024.
golang.org/x/net/html Infinite Loop vulnerability
Severity: High. CVE-2021-33194 was published for golang.org/x/net (Go) on May 24, 2022.
Infinite Loop in jsonparser
Severity: High. CVE-2020-10675 was published for github.com/buger/jsonparser (Go) on May 18, 2021.
x/net/html Vulnerable to DoS During HTML Parsing
Severity: High. CVE-2018-17846 was published for golang.org/x/net (Go) on Sep 25, 2023.
Undertow denial of service vulnerability
Severity: High. CVE-2023-1108 was published for io.undertow:undertow-core (Maven) on Sep 14, 2023.
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
Severity: High. CVE-2024-30251 was published for aiohttp (pip) on May 3, 2024.
CodeIgniter4 DoS Vulnerability
Severity: High. CVE-2024-29904 was published for codeigniter4/framework (Composer) on Mar 29, 2024.
Infinite Loop in Apache Tomcat
Severity: High. CVE-2020-13935 was published for org.apache.tomcat:tomcat (Maven) on Feb 8, 2022.