GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
789 advisories
Filter by severity
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate
CVE-2024-47003
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Sep 26, 2024
Spring Framework DoS via conditional HTTP request
Moderate
CVE-2024-38809
was published
for
org.springframework:spring-web
(Maven)
Sep 24, 2024
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High
CVE-2023-26464
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Mar 10, 2023
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Denial of service in rocket chat message parser
Moderate
CVE-2024-46935
was published
for
@rocket.chat/message-parser
(npm)
Sep 25, 2024
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
High
CVE-2021-43854
was published
for
nltk
(pip)
Jan 6, 2022
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Regular Expression Denial of Service (ReDoS) in Jinja2
Moderate
CVE-2020-28493
was published
for
jinja2
(pip)
Mar 19, 2021
Denial of service attack via incorrect parameters in Matrix Synapse
High
CVE-2020-26257
was published
for
matrix-synapse
(pip)
Dec 9, 2020
python-multipart vulnerable to Content-Type Header ReDoS
High
CVE-2024-24762
was published
for
python-multipart
(pip)
Feb 12, 2024
Sydent vulnerable to denial of service attack via memory exhaustion
High
CVE-2021-29430
was published
for
matrix-sydent
(pip)
Apr 19, 2021
Sydent DoS (via resource exhaustion) due to improper input validation
Moderate
CVE-2021-29433
was published
for
matrix-sydent
(pip)
Apr 16, 2021
Regular Expression Denial of Service (REDoS) in httplib2
High
CVE-2021-21240
was published
for
httplib2
(pip)
Feb 8, 2021
Uncontrolled Resource Consumption in Indy Node
High
CVE-2020-11090
was published
for
indy-node
(pip)
Jun 11, 2020
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
High
CVE-2019-1010083
was published
for
flask
(pip)
Jul 19, 2019
Regular Expression Denial of Service in flask-restx
High
CVE-2021-32838
was published
for
flask-restx
(pip)
Sep 8, 2021
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
Moderate
CVE-2021-21419
was published
for
eventlet
(pip)
May 7, 2021
Django Denial-of-service in strip_tags()
High
CVE-2019-14233
was published
for
Django
(pip)
Aug 6, 2019
Django Denial-of-service in django.utils.text.Truncator
High
CVE-2019-14232
was published
for
Django
(pip)
Aug 6, 2019
Django potential denial of service vulnerability in UsernameField on Windows
High
CVE-2023-46695
was published
for
Django
(pip)
Nov 2, 2023
Django Denial-of-service in django.utils.text.Truncator
Moderate
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
ProTip!
Advisories are also available from the
GraphQL API