GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Django vulnerable to denial-of-service attack
Moderate
CVE-2024-41991
was published
for
Django
(pip)
Aug 7, 2024
panic on parsing crafted phonenumber inputs
Critical
CVE-2024-39697
was published
for
phonenumber
(Rust)
Jul 9, 2024
Django Denial-of-service in django.utils.text.Truncator
High
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Moderate
CVE-2023-41164
was published
for
django
(pip)
Nov 3, 2023
phonenumber panics on parsing crafted RFC3966 inputs
High
CVE-2023-42444
was published
for
phonenumber
(Rust)
Sep 21, 2023
blurhash panics on parsing crafted inputs
High
CVE-2023-42447
was published
for
blurhash
(Rust)
Sep 21, 2023
jcvi vulnerable to Configuration Injection due to unsanitized user input
High
CVE-2023-35932
was published
for
jcvi
(pip)
Jun 23, 2023
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Moderate
CVE-2023-23626
was published
for
github.com/ipfs/go-bitfield
(Go)
Feb 10, 2023
ToolJet is vulnerable to Denial of Service (DoS)
Moderate
CVE-2022-4111
was published
for
tooljet
(npm)
Nov 22, 2022
conduit-hyper vulnerable to Denial of Service from unchecked request length
High
CVE-2022-39294
was published
for
conduit-hyper
(Rust)
Oct 31, 2022
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
High
CVE-2022-36086
was published
for
linked_list_allocator
(Rust)
Sep 16, 2022
Denial of service in `tf.ragged.constant` due to lack of validation
Moderate
CVE-2022-29202
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation causes denial of service via `LSTMBlockCell`
Moderate
CVE-2022-29200
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation causes denial of service via `Conv3DBackpropFilterV2`
Moderate
CVE-2022-29196
was published
for
tensorflow
(pip)
May 24, 2022
Unauthenticated control plane denial of service attack in Istio
High
CVE-2022-23635
was published
for
istio.io/istio
(Go)
Feb 23, 2022
Microweber vulnerable to Improper Validation of Specified Quantity in Input
Moderate
CVE-2022-0596
was published
for
microweber/microweber
(Composer)
Feb 16, 2022
Improper Validation of Specified Quantity in Input in Eclipse Hono
High
CVE-2020-27217
was published
for
org.eclipse.hono:hono-core
(Maven)
Feb 10, 2022
Abort caused by allocating a vector that is too large in Tensorflow
Moderate
CVE-2022-23580
was published
for
tensorflow
(pip)
Feb 7, 2022
Dolibarr vulnerable to Improper Validation of Specified Quantity in Input
Moderate
CVE-2022-0414
was published
for
dolibarr/dolibarr
(Composer)
Feb 1, 2022
Logic error in dolibarr
Moderate
CVE-2022-0174
was published
for
dolibarr/dolibarr
(Composer)
Jan 12, 2022
Transaction validity oversight in pallet-ethereum
Moderate
CVE-2021-39193
was published
for
pallet-ethereum
(Rust)
Sep 1, 2021
Incomplete validation in `MaxPoolGrad`
Moderate
CVE-2021-37674
was published
for
tensorflow
(pip)
Aug 25, 2021
Missing validation in shape inference for `Dequantize`
Moderate
CVE-2021-37677
was published
for
tensorflow
(pip)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API