Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,045
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

162 advisories

Loading
Denial-of-service in Django High
CVE-2021-45115 was published for Django (pip) Jan 12, 2022
sunSUNQ
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize) High
CVE-2021-43854 was published for nltk (pip) Jan 6, 2022
tomaarsen raffienficiaud
Code injection in FreeIPA High
CVE-2019-14867 was published for freeipa (pip) Dec 6, 2021
Apprise vulnerable to regex injection with IFTTT Plugin High
CVE-2021-39229 was published for apprise (pip) Sep 20, 2021
kevinbackhouse erik-krogh
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) High
CVE-2021-32839 was published for sqlparse (pip) Sep 10, 2021
erik-krogh
Regular Expression Denial of Service in flask-restx High
CVE-2021-32838 was published for flask-restx (pip) Sep 8, 2021
erik-krogh yoff
Uncontrolled Resource Consumption in pillow High
CVE-2021-23437 was published for pillow (pip) Sep 7, 2021
Uncontrolled Resource Consumption in Pillow High
CVE-2021-28677 was published for Pillow (pip) Jun 8, 2021
sunSUNQ
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters High
CVE-2021-33503 was published for urllib3 (pip) Jun 1, 2021
NariyoshiChida ap-wtioit
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint Moderate
GHSA-7h5v-85w9-pq6c was published for matrix-synapse (pip) May 19, 2021
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet Moderate
CVE-2021-21419 was published for eventlet (pip) May 7, 2021
Uncontrolled Resource Consumption in urllib3 High
CVE-2020-7212 was published for urllib3 (pip) Apr 30, 2021
Uncontrolled Resource Consumption in pillow Moderate
GHSA-jgpv-4h4c-xhw3 was published for pillow (pip) Apr 23, 2021
py vulnerable to Regular Expression Denial of Service High
CVE-2020-29651 was published for py (pip) Apr 20, 2021
Sydent vulnerable to denial of service attack via memory exhaustion High
CVE-2021-29430 was published for matrix-sydent (pip) Apr 19, 2021
Sydent DoS (via resource exhaustion) due to improper input validation Moderate
CVE-2021-29433 was published for matrix-sydent (pip) Apr 16, 2021
Regular Expression Denial of Service (ReDoS) in Pillow Moderate
CVE-2021-25292 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Pygments vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2021-27291 was published for Pygments (pip) Mar 29, 2021
Regular Expression Denial of Service (ReDoS) in Jinja2 Moderate
CVE-2020-28493 was published for jinja2 (pip) Mar 19, 2021
tdunlap607
Pillow Uncontrolled Resource Consumption High
CVE-2021-27922 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27921 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27923 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Denial of service attack via .well-known lookups Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
mscherer
Regular Expression Denial of Service (REDoS) in httplib2 High
CVE-2021-21240 was published for httplib2 (pip) Feb 8, 2021
b-c-ds
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database