Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Duplicate Advisory: Remotely exploitable denial of service in Rosenpass Moderate
GHSA-624c-2h52-gf7f was published for rosenpass (Rust) Jul 28, 2025 withdrawn
Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header Moderate
CVE-2025-53604 was published for web-push (Rust) Jul 5, 2025
rPGP Panics on Malformed Untrusted Input High
CVE-2024-53856 was published for pgp (Rust) Dec 5, 2024
invd hko-s
dignifiedquire link2xt
Django vulnerable to denial-of-service attack Moderate
CVE-2024-41991 was published for Django (pip) Aug 7, 2024
Django vulnerable to a denial-of-service attack Moderate
CVE-2024-41990 was published for Django (pip) Aug 7, 2024
Elliptic's ECDSA missing check for whether leading bit of r and s is zero Low
CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
Tor path lengths too short when "full Vanguards" configured Moderate
CVE-2024-35313 was published for arti (Rust) May 18, 2024
Remotely exploitable denial of service in Rosenpass Moderate
CVE-2023-53157 was published for rosenpass (Rust) Dec 21, 2023
Out of memory error when submitting the dataset form with a specially-crafted field Moderate
CVE-2023-50248 was published for ckan (pip) Dec 13, 2023
thorge
Jetty accepts "+" prefixed value in Content-Length Moderate
CVE-2023-40167 was published for org.eclipse.jetty:jetty-http (Maven) Sep 14, 2023
mukeran chenjj
Improper handling of NTS cookie length that could crash the ntpd-rs server High
CVE-2023-33192 was published for ntpd (Rust) May 25, 2023
mlichvar
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length High
CVE-2022-24666 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
rdiffweb's unlimited username field length can lead to DoS High
CVE-2022-3290 was published for rdiffweb (pip) Sep 27, 2022
rdiffweb's unlimited length email field can lead to DoS High
CVE-2022-3272 was published for rdiffweb (pip) Sep 27, 2022
RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency High
CVE-2022-2714 was published for francoisjacquet/rosariosis (Composer) Sep 7, 2022
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length High
GHSA-pv7r-9vjg-g3f9 was published for github.com/apple/swift-nio-http2 (Swift) Feb 11, 2022 withdrawn
Improper Handling of Length Parameter Inconsistency in Apache Ant Moderate
CVE-2021-36374 was published for org.apache.ant:ant (Maven) Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Apache Ant Moderate
CVE-2021-36373 was published for org.apache.ant:ant (Maven) Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-36090 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35517 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35516 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database