Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` High
CVE-2025-62727 was published for starlette (pip) Oct 28, 2025
ch4n3-yoon
Credited to ch4n3-yoon
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata Low
CVE-2025-55304 was published for Exiv2 (pip) Aug 29, 2025
gluck-pwn
Credited to gluck-pwn
Netty QUIC hash collision DoS attack Moderate
CVE-2025-29908 was published for io.netty.incubator:netty-incubator-codec-quic (Maven) Mar 31, 2025
Kwik hash collision vulnerability Moderate
CVE-2025-23020 was published for tech.kwik:kwik (Maven) Feb 20, 2025
league/commonmark's quadratic complexity bugs may lead to a denial of service High
GHSA-c2pc-g5qf-rfrf was published for league/commonmark (Composer) Dec 9, 2024
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability High
CVE-2024-43485 was published for System.Text.Json (NuGet) Oct 8, 2024
rbhanda markusschaber
Credited to rbhanda and markusschaber
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability High
CVE-2024-43484 was published for System.IO.Packaging (NuGet) Oct 8, 2024
rbhanda
Credited to rbhanda
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability High
CVE-2024-43483 was published for Microsoft.Extensions.Caching.Memory (NuGet) Oct 8, 2024
rbhanda
Credited to rbhanda
Inefficient Algorithmic Complexity in com.upokecenter:cbor High
CVE-2024-23684 was published for com.upokecenter:cbor (Maven) Jan 19, 2024
Duplicate Advisory: Denial of service in CBOR library High
GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) Jan 3, 2024 withdrawn
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-7vh7-fw88-wj87 was published for commonmarker (RubyGems) Aug 8, 2023
PyPDF2 quadratic runtime with malformed PDF missing xref marker Moderate
CVE-2023-36810 was published for PyPDF2 (pip) Jun 30, 2023
Inefficient Algorithmic Complexity in Apache Santuario XML Security Moderate
CVE-2013-2172 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Credited to MarkLee131
Denial of service in CBOR library High
CVE-2024-21909 was published for PeterO.Cbor (NuGet) Jan 21, 2022
Denial of service in CBOR library High
GHSA-fj2w-wfgv-mwq6 was published for com.upokecenter:cbor (Maven) Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database