Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,387 advisories

Loading
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning Moderate
CVE-2023-46136 was published for werkzeug (pip) Oct 25, 2023
psrok1 davidism
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an... Moderate Unreviewed
CVE-2024-45420 was published Nov 19, 2024
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL... Moderate Unreviewed
CVE-2024-11498 was published Nov 25, 2024
XNIO denial of service vulnerability High
CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024
grosario1
Designate mDNS DoS through incorrect handling of large RecordSets High
CVE-2015-5695 was published for designate (pip) May 17, 2022
MoinMoin Denial of Service vulnerability via password_checker function High
CVE-2008-6549 was published for moin (pip) May 17, 2022
Zope Denial of Service (DoS) vulnerability in ZServer High
CVE-2010-3198 was published for Zope (pip) May 17, 2022
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
fawind
By flooding the target resolver with queries exploiting this flaw an attacker can significantly... High Unreviewed
CVE-2022-2795 was published Sep 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database