GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
59 advisories
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
Moderate. CVE-2026-48990 was published for joserfc (pip) on Jun 26, 2026.
pypdf: Missing stream length values ignore defined limits
Moderate. GHSA-jm82-fx9c-mx94 was published for pypdf (pip) on Jun 18, 2026.
pypdf: Manipulated XMP metadata streams can exhaust RAM
Moderate. CVE-2026-48735 was published for pypdf (pip) on Jun 16, 2026.
aiohttp: Incomplete websocket frame payloads bypass memory limits
Moderate. CVE-2026-54274 was published for aiohttp (pip) on Jun 15, 2026.
aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
Moderate. CVE-2026-54273 was published for aiohttp (pip) on Jun 15, 2026.
aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
Moderate. CVE-2026-54277 was published for aiohttp (pip) on Jun 15, 2026.
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate. CVE-2025-48074 was published for OpenEXR (pip) on Jul 31, 2025.
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Moderate. CVE-2026-48045 was published for zeroconf (pip) on Jun 11, 2026.
NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes
Moderate. CVE-2026-45554 was published for nicegui (pip) on May 18, 2026.
xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory
Moderate. CVE-2025-32381 was published for xgrammar (pip) on Apr 9, 2025.
vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
Moderate. CVE-2026-34755 was published for vllm (pip) on Apr 3, 2026.
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
Moderate. CVE-2026-22773 was published for vllm (pip) on Jan 13, 2026.
vLLM denial of service via outlines unbounded cache on disk
Moderate. CVE-2025-29770 was published for vllm (pip) on Mar 19, 2025.
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
Moderate. CVE-2026-47184 was published for zeroconf (pip) on May 29, 2026.
ciguard: SCA HTTP client reads response body without size cap
Moderate. CVE-2026-44219 was published for ciguard (pip) on May 5, 2026.
PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS
Moderate. CVE-2026-40115 was published for PraisonAI (pip) on Apr 10, 2026.
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Moderate. CVE-2026-34756 was published for vllm (pip) on Apr 3, 2026.
AIOHTTP has a Multipart Header Size Bypass
Moderate. CVE-2026-34516 was published for aiohttp (pip) on Apr 1, 2026.
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Moderate. CVE-2026-34052 was published for jupyterhub-ltiauthenticator (pip) on Apr 3, 2026.
aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage
Moderate. CVE-2026-22815 was published for aiohttp (pip) on Apr 1, 2026.
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
Moderate. CVE-2026-33332 was published for nicegui (pip) on Mar 19, 2026.
pypdf: manipulated stream length values can exhaust RAM
Moderate. CVE-2026-31826 was published for pypdf (pip) on Mar 11, 2026.
zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
Moderate. CVE-2026-27695 was published for zae-limiter (pip) on Feb 25, 2026.
pypdf possibly has long runtimes for malformed FlateDecode streams
Moderate. CVE-2026-27026 was published for pypdf (pip) on Feb 18, 2026.
sqlparse: formatting list of tuples leads to denial of service
Moderate. GHSA-27jp-wm6q-gp25 was published for sqlparse (pip) on Feb 13, 2026.