GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
pypdf: Possible infinite loop when processing threads/articles in writer
Moderate
CVE-2026-54651
was published
for
pypdf
(pip)
Jul 9, 2026
Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
Moderate
CVE-2026-55865
was published
for
python-liquid
(pip)
Jun 19, 2026
pypdf: Possible infinite loop when processing outlines/bookmarks in writer
Moderate
CVE-2026-54531
was published
for
pypdf
(pip)
Jun 16, 2026
pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction
Moderate
CVE-2026-54530
was published
for
pypdf
(pip)
Jun 16, 2026
OpenStack Swift: s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body
High
CVE-2026-49017
was published
for
swift
(pip)
May 27, 2026
justhtml introduces denial-of-service hardening
Low
GHSA-r8cj-3554-33mr
was published
for
justhtml
(pip)
May 8, 2026
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Moderate
CVE-2026-42310
was published
for
pillow
(pip)
May 4, 2026
justhtml has sanitization bypass in custom policies and programmatic DOM
Moderate
GHSA-vrx2-77f2-ww34
was published
for
justhtml
(pip)
Apr 22, 2026
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
Moderate
CVE-2026-33699
was published
for
pypdf
(pip)
Mar 25, 2026
Denial of service via non-terminating SYLT frame parsing loop in tinytag
Moderate
CVE-2026-32889
was published
for
tinytag
(pip)
Mar 19, 2026
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop
High
CVE-2026-32875
was published
for
ujson
(pip)
Mar 18, 2026
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
Low
CVE-2026-27628
was published
for
pypdf
(pip)
Feb 25, 2026
pypdf has a possible infinite loop when processing TreeObject
Moderate
CVE-2026-27024
was published
for
pypdf
(pip)
Feb 18, 2026
pypdf has possible Infinite Loop when processing outlines/bookmarks
Moderate
CVE-2026-24688
was published
for
pypdf
(pip)
Jan 26, 2026
AIOHTTP vulnerable to DoS when bypassing asserts
Moderate
CVE-2025-69227
was published
for
aiohttp
(pip)
Jan 5, 2026
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
Moderate
CVE-2025-48879
was published
for
OctoPrint
(pip)
Jun 10, 2025
ZenML unauthenticated DoS via Multipart Boundry
High
CVE-2024-9340
was published
for
zenml
(pip)
Mar 20, 2025
LlamaIndex Improper Handling of Exceptional Conditions vulnerability
High
CVE-2024-12704
was published
for
llama-index-core
(pip)
Mar 20, 2025
FastChat Uncontrolled Resource Consumption vulnerability
High
CVE-2024-10907
was published
for
fschat
(pip)
Mar 20, 2025
DB-GPT Uncontrolled Resource Consumption vulnerability
High
CVE-2024-10829
was published
for
dbgpt
(pip)
Mar 20, 2025
InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`
High
CVE-2024-10821
was published
for
InvokeAI
(pip)
Mar 20, 2025
zipp Denial of Service vulnerability
Moderate
CVE-2024-5569
was published
for
zipp
(pip)
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API