Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

115 advisories

Loading
Brotli is vulnerable to a denial of service (DoS) attack due to decompression High
CVE-2025-6176 was published for brotli (pip) Oct 31, 2025
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` High
CVE-2025-62727 was published for starlette (pip) Oct 28, 2025
ch4n3-yoon
Credited to ch4n3-yoon
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh
Credited to cyjhhh
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba russellb
taneem-ibrahim
Credited to jperezdealgaba, russellb, and taneem-ibrahim
LlamaIndex Vulnerable to Denial of Service (DoS) High
CVE-2025-1752 was published for llama-index (pip) May 10, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2025-0189 was published for aim (pip) Mar 20, 2025
ZenML unauthenticated DoS via Multipart Boundry High
CVE-2024-9340 was published for zenml (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
GHSA-5ccf-884p-4jjq was published for open-webui (npm) Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9056 was published for bentoml (pip) Mar 20, 2025
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9229 was published for quivr-core (pip) Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-8984 was published for litellm (pip) Mar 20, 2025
ishaan-jaff
Credited to ishaan-jaff
Gradio DOS in multipart boundry while uploading the file High
CVE-2024-8966 was published for gradio (pip) Mar 20, 2025
Open WebUI denial of service through endpoint for converting markdown High
CVE-2024-7983 was published for open-webui (pip) Mar 20, 2025
Aim allows denial of service due to no timeouts for some tracking server endpoints High
CVE-2024-8061 was published for aim (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file High
GHSA-6wj5-5pgr-jwq8 was published for open-webui (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-7036 was published for open-webui (pip) Mar 20, 2025
Open WebUI has vulnerable dependency on starlette via fastapi High
GHSA-w466-2wfc-8g58 was published for open-webui (pip) Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2024-12778 was published for aim (pip) Mar 20, 2025
imaginAIry Denial of Service (DoS) vulnerability High
CVE-2024-12761 was published for imaginAIry (pip) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12534 was published for open-webui (npm) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
BentoML vulnerable to Uncontrolled Resource Consumption High
GHSA-hh3j-9m59-p8vc was published for bentoml (pip) Mar 20, 2025
FastChat Denial of Service vulnerability High
CVE-2024-10912 was published for fschat (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database