GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

172 advisories

pypdf's LZWDecode streams be manipulated to exhaust RAM Moderate
CVE-2025-66019 was published for pypdf (pip) Nov 24, 2025
Credited to aydinnyunus and stefan6419846
Credited to smithcoin and Cycloctane
Credited to guidovranken
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
Django Denial-of-service in django.utils.text.Truncator High
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri Moderate
CVE-2023-41164 was published for django (pip) Nov 3, 2023
Credited to ch4n3-yoon and nadavaseal
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
Credited to kexinoh
Credited to erik-krogh
py vulnerable to Regular Expression Denial of Service High
CVE-2020-29651 was published for py (pip) Apr 20, 2021
Authlib : JWE zip=DEF decompression bomb enables DoS Moderate
CVE-2025-62706 was published for authlib (pip) Oct 10, 2025
Credited to AL-Cybision
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
Credited to AL-Cybision
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337
LlamaIndex Vulnerable to Denial of Service (DoS) High
CVE-2025-1752 was published for llama-index (pip) May 10, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2025-0189 was published for aim (pip) Mar 20, 2025
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9229 was published for quivr-core (pip) Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9056 was published for bentoml (pip) Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-8984 was published for litellm (pip) Mar 20, 2025
Credited to ishaan-jaff
Gradio DOS in multipart boundry while uploading the file High
CVE-2024-8966 was published for gradio (pip) Mar 20, 2025
LlamaIndex Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-12910 was published for llama-index (pip) Mar 20, 2025
Aim allows denial of service due to no timeouts for some tracking server endpoints High
CVE-2024-8061 was published for aim (pip) Mar 20, 2025
Open WebUI denial of service through endpoint for converting markdown High
CVE-2024-7983 was published for open-webui (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2024-12778 was published for aim (pip) Mar 20, 2025