Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

181 advisories

Loading
pypdf: Manipulated RunLengthDecode streams can exhaust RAM Moderate
CVE-2026-28351 was published for pypdf (pip) Feb 28, 2026
bugbunny-research Credited to bugbunny-research and stefan6419846 stefan6419846 stefan6419846
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM Moderate
CVE-2026-27888 was published for pypdf (pip) Feb 26, 2026
bekkaze Credited to bekkaze and stefan6419846 stefan6419846 stefan6419846
Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption High
CVE-2026-0599 was published for text-generation (pip) Feb 2, 2026
llama-index-core vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-6208 was published for llama-index-core (pip) Feb 2, 2026
Unfurl's unbounded zlib decompression allows decompression bomb DoS Moderate
GHSA-h5qv-qjv4-pc5m was published for dfir-unfurl (pip) Jan 29, 2026
mobasi-team Credited to mobasi-team
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion High
CVE-2026-23842 was published for chatterbot (pip) Jan 20, 2026
AdityaBhatt3010 Credited to AdityaBhatt3010
pyasn1 has a DoS vulnerability in decoder High
CVE-2026-23490 was published for pyasn1 (pip) Jan 16, 2026
tsigouris007 Credited to tsigouris007
pypdf has possible long runtimes for malformed startxref Low
CVE-2026-22691 was published for pypdf (pip) Jan 9, 2026
mkaalto Credited to mkaalto and stefan6419846 stefan6419846 stefan6419846
pypdf has possible long runtimes for missing /Root object with large /Size values Low
CVE-2026-22690 was published for pypdf (pip) Jan 9, 2026
N0zoM1z0 Credited to N0zoM1z0 and stefan6419846 stefan6419846 stefan6419846
pypdf's LZWDecode streams be manipulated to exhaust RAM Moderate
CVE-2025-66019 was published for pypdf (pip) Nov 24, 2025
aydinnyunus Credited to aydinnyunus and stefan6419846 stefan6419846 stefan6419846
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation High
CVE-2025-6176 was published for Scrapy (pip) Oct 31, 2025
smithcoin Credited to smithcoin and Cycloctane Cycloctane Cycloctane
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` High
CVE-2025-62727 was published for starlette (pip) Oct 28, 2025
ch4n3-yoon Credited to ch4n3-yoon and nadavaseal nadavaseal nadavaseal
Authlib : JWE zip=DEF decompression bomb enables DoS Moderate
CVE-2025-62706 was published for authlib (pip) Oct 10, 2025
AL-Cybision Credited to AL-Cybision
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision Credited to AL-Cybision
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337 Ga-ryo Ga-ryo
ota42y ota42y Alnusjaponica Alnusjaponica Isotr0py Isotr0py DarkLight1337 DarkLight1337
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer Moderate
CVE-2025-6921 was published for transformers (pip) Sep 23, 2025
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh Credited to cyjhhh
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba Credited to jperezdealgaba, russellb, and taneem-ibrahim russellb russellb
taneem-ibrahim taneem-ibrahim
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
laura240406 Credited to laura240406 and stefan6419846 stefan6419846 stefan6419846
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion Moderate
CVE-2025-53012 was published for MaterialX (pip) Jul 31, 2025
suidpit Credited to suidpit, ndaprela, TheZ3ro, and smaury ndaprela ndaprela
TheZ3ro TheZ3ro smaury smaury
LlamaIndex Vulnerable to Denial of Service (DoS) High
CVE-2025-1752 was published for llama-index (pip) May 10, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2025-0189 was published for aim (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
ZenML unauthenticated DoS via Multipart Boundry High
CVE-2024-9340 was published for zenml (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
GHSA-5ccf-884p-4jjq was published for open-webui (npm) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database