Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,615
Maven
5,000+
npm
5,000+
NuGet
925
pip
4,835
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

196 advisories

Loading
FastChat has Denial of Service Through Blocking Event Loop in Model Workers (Incomplete Fix for ff66426) Moderate
CVE-2026-6607 was published for fschat (pip) Apr 20, 2026
python-multipart affected by Denial of Service via large multipart preamble or epilogue data Moderate
CVE-2026-40347 was published for python-multipart (pip) Apr 15, 2026
HamdaanAliQuatil Credited to HamdaanAliQuatil and defnull defnull defnull
FITS GZIP decompression bomb in Pillow High
CVE-2026-40192 was published for pillow (pip) Apr 13, 2026
sammiee5311 Credited to sammiee5311
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain High
CVE-2026-39376 was published for fastfeedparser (pip) Apr 8, 2026
redyank Credited to redyank
strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions High
CVE-2026-35526 was published for strawberry-graphql (pip) Apr 6, 2026
JFOZ1010 Credited to JFOZ1010, patrick91, and bellini666 patrick91 patrick91
bellini666 bellini666
Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service High
CVE-2026-34824 was published for mesop (pip) Apr 3, 2026
tubadeligoz Credited to tubadeligoz
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. High
CVE-2026-34445 was published for onnx (pip) Apr 1, 2026
ZeroXJacks Credited to ZeroXJacks
aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage Moderate
CVE-2026-22815 was published for aiohttp (pip) Apr 1, 2026
sg3-141-592 Credited to sg3-141-592 and Dreamsorcerer Dreamsorcerer Dreamsorcerer
Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching Low
CVE-2026-4539 was published for Pygments (pip) Mar 22, 2026
nzlaura Credited to nzlaura and dnegreira dnegreira dnegreira
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT High
CVE-2026-33155 was published for deepdiff (pip) Mar 18, 2026
am-periphery Credited to am-periphery
pypdf has inefficient decoding of array-based streams Moderate
CVE-2026-33123 was published for pypdf (pip) Mar 18, 2026
kule500 Credited to kule500 and stefan6419846 stefan6419846 stefan6419846
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification High
CVE-2026-31899 was published for CairoSVG (pip) Mar 13, 2026
SnailSploit Credited to SnailSploit
Tornado is vulnerable to DoS due to too many multipart parts High
CVE-2026-31958 was published for tornado (pip) Mar 12, 2026
0x-Apollyon Credited to 0x-Apollyon and bekkaze bekkaze bekkaze
Python-Markdown has an Uncaught Exception Moderate
CVE-2025-69534 was published for Markdown (pip) Mar 5, 2026
Django vulnerable to Uncontrolled Resource Consumption High
CVE-2026-25673 was published for Django (pip) Mar 3, 2026
pypdf: Manipulated RunLengthDecode streams can exhaust RAM Moderate
CVE-2026-28351 was published for pypdf (pip) Feb 28, 2026
bugbunny-research Credited to bugbunny-research and stefan6419846 stefan6419846 stefan6419846
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM Moderate
CVE-2026-27888 was published for pypdf (pip) Feb 26, 2026
bekkaze Credited to bekkaze and stefan6419846 stefan6419846 stefan6419846
llama-index-core vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-6208 was published for llama-index-core (pip) Feb 2, 2026
Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption High
CVE-2026-0599 was published for text-generation (pip) Feb 2, 2026
Unfurl's unbounded zlib decompression allows decompression bomb DoS High
CVE-2026-40036 was published for dfir-unfurl (pip) Jan 29, 2026
mobasi-team Credited to mobasi-team
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion High
CVE-2026-23842 was published for chatterbot (pip) Jan 20, 2026
AdityaBhatt3010 Credited to AdityaBhatt3010
pyasn1 has a DoS vulnerability in decoder High
CVE-2026-23490 was published for pyasn1 (pip) Jan 16, 2026
tsigouris007 Credited to tsigouris007
pypdf has possible long runtimes for malformed startxref Low
CVE-2026-22691 was published for pypdf (pip) Jan 9, 2026
mkaalto Credited to mkaalto and stefan6419846 stefan6419846 stefan6419846
pypdf has possible long runtimes for missing /Root object with large /Size values Low
CVE-2026-22690 was published for pypdf (pip) Jan 9, 2026
N0zoM1z0 Credited to N0zoM1z0 and stefan6419846 stefan6419846 stefan6419846
pypdf's LZWDecode streams be manipulated to exhaust RAM Moderate
CVE-2025-66019 was published for pypdf (pip) Nov 24, 2025
aydinnyunus Credited to aydinnyunus and stefan6419846 stefan6419846 stefan6419846
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database