GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

51 advisories

Authlib: JWE zip=DEF decompression bomb enables DoS Moderate
GHSA-g7f3-828f-7h7m was published for authlib (pip) Oct 10, 2025
Credited to AL-Cybision
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
Credited to key-moon, Ga-ryo, Alnusjaponica, Isotr0py, and DarkLight1337
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
Credited to jakiki6 and stefan6419846
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion Moderate
CVE-2025-53012 was published for MaterialX (pip) Jul 31, 2025
Credited to suidpit, ndaprela, TheZ3ro, and smaury
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-6838 was published for mlflow (pip) Mar 20, 2025
LlamaIndex Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-12910 was published for llama-index (pip) Mar 20, 2025
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Werkzeug possible resource exhaustion when parsing file data in forms Moderate
CVE-2024-49767 was published for Quart (pip) Oct 25, 2024
Credited to defnull
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
Credited to westonsteimel
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters Moderate
CVE-2024-45230 was published for Django (pip) Oct 8, 2024
vLLM Denial of Service via the best_of parameter Moderate
CVE-2024-8939 was published for vllm (pip) Sep 17, 2024
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Improper line feed handling in zenml Moderate
CVE-2024-4460 was published for zenml (pip) Jun 24, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain (pip) Jun 6, 2024
Credited to eyurtsev and efriis
Duplicate Advisory: Apache Superset uncontrolled resource consumption Moderate
CVE-2024-23952 was published for apache-superset (pip) May 30, 2024 withdrawn
python-jose denial of service via compressed JWE content Moderate
CVE-2024-33664 was published for python-jose (pip) Apr 26, 2024
Credited to garyd203
Credited to guidovranken
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value Moderate
CVE-2023-6681 was published for jwcrypto (pip) Dec 28, 2023
Apache Superset uncontrolled resource consumption Moderate
CVE-2023-46104 was published for apache-superset (pip) Dec 19, 2023
Ethereum ABI decoder DoS when parsing ZST Moderate
GHSA-rqr8-pxh7-cq3g was published for eth-abi (pip) Nov 24, 2023
Credited to maxammann
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri Moderate
CVE-2023-41164 was published for django (pip) Nov 3, 2023
Credited to psrok1 and davidism