GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Pillow vulnerable to Data Amplification attack. (severity: High)
CVE-2022-45198 was published for pillow (pip) Nov 14, 2022
Scrapy decompression bomb vulnerability (severity: High)
CVE-2024-3572 was published for scrapy (pip) Feb 16, 2024
Credited to dmandefy
Duplicate Advisory: Scrapy decompression bomb vulnerability (severity: High)
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 (withdrawn)
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing (severity: High)
CVE-2024-7765 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack (severity: Moderate)
CVE-2025-46730 was published for mobsf (pip) May 5, 2025
Credited to ssshah2131
pypdf can exhaust RAM via manipulated LZWDecode streams (severity: Moderate)
CVE-2025-62708 was published for pypdf (pip) Oct 22, 2025
Credited to tylzh97 and stefan6419846