Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,406
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

124 advisories

Loading
Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service High
CVE-2026-34824 was published for mesop (pip) Apr 3, 2026
tubadeligoz Credited to tubadeligoz
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. High
CVE-2026-34445 was published for onnx (pip) Apr 1, 2026
ZeroXJacks Credited to ZeroXJacks
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT High
CVE-2026-33155 was published for deepdiff (pip) Mar 18, 2026
am-periphery Credited to am-periphery
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification High
CVE-2026-31899 was published for CairoSVG (pip) Mar 13, 2026
SnailSploit Credited to SnailSploit
Tornado is vulnerable to DoS due to too many multipart parts High
CVE-2026-31958 was published for tornado (pip) Mar 12, 2026
0x-Apollyon Credited to 0x-Apollyon and bekkaze bekkaze bekkaze
Django vulnerable to Uncontrolled Resource Consumption High
CVE-2026-25673 was published for Django (pip) Mar 3, 2026
Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption High
CVE-2026-0599 was published for text-generation (pip) Feb 2, 2026
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion High
CVE-2026-23842 was published for chatterbot (pip) Jan 20, 2026
AdityaBhatt3010 Credited to AdityaBhatt3010
pyasn1 has a DoS vulnerability in decoder High
CVE-2026-23490 was published for pyasn1 (pip) Jan 16, 2026
tsigouris007 Credited to tsigouris007
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation High
CVE-2025-6176 was published for Scrapy (pip) Oct 31, 2025
smithcoin Credited to smithcoin and Cycloctane Cycloctane Cycloctane
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` High
CVE-2025-62727 was published for starlette (pip) Oct 28, 2025
ch4n3-yoon Credited to ch4n3-yoon and nadavaseal nadavaseal nadavaseal
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision Credited to AL-Cybision
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh Credited to cyjhhh
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba Credited to jperezdealgaba, russellb, and taneem-ibrahim russellb russellb
taneem-ibrahim taneem-ibrahim
LlamaIndex Vulnerable to Denial of Service (DoS) High
CVE-2025-1752 was published for llama-index (pip) May 10, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2025-0189 was published for aim (pip) Mar 20, 2025
ZenML unauthenticated DoS via Multipart Boundry High
CVE-2024-9340 was published for zenml (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
GHSA-5ccf-884p-4jjq was published for open-webui (npm) Mar 20, 2025
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9229 was published for quivr-core (pip) Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9056 was published for bentoml (pip) Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-8984 was published for litellm (pip) Mar 20, 2025
ishaan-jaff Credited to ishaan-jaff
Gradio DOS in multipart boundry while uploading the file High
CVE-2024-8966 was published for gradio (pip) Mar 20, 2025
Aim allows denial of service due to no timeouts for some tracking server endpoints High
CVE-2024-8061 was published for aim (pip) Mar 20, 2025
Open WebUI denial of service through endpoint for converting markdown High
CVE-2024-7983 was published for open-webui (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database