Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,686
Maven
5,000+
npm
5,000+
NuGet
933
pip
4,921
Pub
13
RubyGems
1,053
Rust
1,320
Swift
53
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains High
CVE-2026-42304 was published for Twisted (pip) May 5, 2026
tomasilluminati Credited to tomasilluminati
webonyx/graphql-php has quadratic validation cost in OverlappingFieldsCanBeMerged via inline fragments High
GHSA-fc86-6rv6-2jpm was published for webonyx/graphql-php (Composer) May 4, 2026
d0cs1s-bzhunt Credited to d0cs1s-bzhunt and BZHunt BZHunt BZHunt
net-imap has quadratic complexity when reading response literals Low
CVE-2026-42245 was published for net-imap (RubyGems) May 4, 2026
Masamuneee Credited to Masamuneee
graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation Moderate
CVE-2026-40476 was published for webonyx/graphql-php (Composer) Apr 14, 2026
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler Moderate
CVE-2026-35599 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Pretext: Algorithmic Complexity (DoS) in the text analysis phase High
GHSA-5478-66c3-rhxr was published for @chenglou/pretext (npm) Apr 8, 2026
NapongiZero Credited to NapongiZero
Django has potential DoS via MultiPartParser through crafted multipart uploads Moderate
CVE-2026-33033 was published for Django (pip) Apr 7, 2026
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header High
CVE-2026-34230 was published for rack (RubyGems) Apr 2, 2026
kwkr Credited to kwkr, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters High
CVE-2026-34827 was published for rack (RubyGems) Apr 2, 2026
TaiPhung217 Credited to TaiPhung217, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
parse-server has GraphQL complexity validator exponential fragment traversal DoS High
CVE-2026-34573 was published for parse-server (npm) Mar 31, 2026
bugbunny-research Credited to bugbunny-research and mtrezza mtrezza mtrezza
pypdf has inefficient decoding of array-based streams Moderate
CVE-2026-33123 was published for pypdf (pip) Mar 18, 2026
kule500 Credited to kule500 and stefan6419846 stefan6419846 stefan6419846
pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams Moderate
CVE-2026-28804 was published for pypdf (pip) Mar 2, 2026
kule500 Credited to kule500 and stefan6419846 stefan6419846 stefan6419846
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments High
CVE-2026-27903 was published for minimatch (npm) Feb 26, 2026
dolevmiz1 Credited to dolevmiz1
golang.org/x/net/html has a Quadratic Parsing Complexity issue Moderate
CVE-2025-47911 was published for golang.org/x/net/html (Go) Feb 12, 2026
Django has Inefficient Algorithmic Complexity Low
CVE-2026-1285 was published for Django (pip) Feb 3, 2026
Django has Inefficient Algorithmic Complexity Low
CVE-2025-14550 was published for Django (pip) Feb 3, 2026
Mattermost is vulnerable to CPU exhaustion via crafted HTTP request Low
CVE-2025-14822 was published for github.com/mattermost/mattermost-server (Go) Jan 16, 2026
flagd: Multiple Go Runtime CVEs Impact Security and Availability High
GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) Jan 5, 2026
pramod-ahire Credited to pramod-ahire
Django is vulnerable to DoS via XML serializer text extraction Moderate
CVE-2025-64460 was published for Django (pip) Dec 2, 2025
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows High
CVE-2025-64458 was published for django (pip) Nov 5, 2025
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` High
CVE-2025-62727 was published for starlette (pip) Oct 28, 2025
ch4n3-yoon Credited to ch4n3-yoon and nadavaseal nadavaseal nadavaseal
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata Low
CVE-2025-55304 was published for Exiv2 (pip) Aug 29, 2025
gluck-pwn Credited to gluck-pwn
Netty QUIC hash collision DoS attack Moderate
CVE-2025-29908 was published for io.netty.incubator:netty-incubator-codec-quic (Maven) Mar 31, 2025
Kwik hash collision vulnerability Moderate
CVE-2025-23020 was published for tech.kwik:kwik (Maven) Feb 20, 2025
league/commonmark's quadratic complexity bugs may lead to a denial of service High
GHSA-c2pc-g5qf-rfrf was published for league/commonmark (Composer) Dec 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database