Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

147 advisories

Loading
Improper Locking in github.com/containers/storage Moderate
CVE-2021-20291 was published for github.com/containers/storage (Go) May 10, 2021
Denial of Service (DoS) in HashiCorp Consul High
CVE-2020-7219 was published for github.com/hashicorp/consul (Go) May 18, 2021
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad High
CVE-2020-7218 was published for github.com/hashicorp/nomad (Go) May 18, 2021
miekg/dns parsing error leads to nil pointer dereference and DoS High
CVE-2018-17419 was published for github.com/miekg/dns (Go) May 18, 2021
golang.org/x/text Infinite loop Moderate
CVE-2020-14040 was published for golang.org/x/text (Go) May 18, 2021
github.com/pires/go-proxyproto denial of service vulnerability Moderate
CVE-2021-23351 was published for github.com/pires/go-proxyproto (Go) May 18, 2021
github.com/tidwall/gjson is vulnerable to Denial of service High
CVE-2020-36066 was published for github.com/tidwall/gjson (Go) May 18, 2021
Integer overflow in github.com/gorilla/websocket High
CVE-2020-27813 was published for github.com/gorilla/websocket (Go) May 18, 2021
Import loops in account imports, nats-server DoS Low
GHSA-gwj5-3vfq-q992 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Denial of service in GJSON High
CVE-2020-35380 was published for github.com/tidwall/gjson (Go) Jun 23, 2021
Denial of service in geth Moderate
CVE-2020-26242 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
Denial of service in github.com/ethereum/go-ethereum Moderate
CVE-2020-26264 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
lukaszmatczak
Denial of Service in miekg-dns High
CVE-2017-15133 was published for github.com/miekg/dns (Go) Jun 29, 2021
github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion High
CVE-2021-23409 was published for github.com/pires/go-proxyproto (Go) Jul 26, 2021
tdunlap607
github.com/tidwall/gjson Vulnerable to REDoS attack High
CVE-2021-42836 was published for github.com/tidwall/gjson (Go) Oct 25, 2021
Infinite open connection causes OctoRPKI to hang forever Moderate
CVE-2021-3909 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
michaelkedar
Infinite certificate chain depth results in OctoRPKI running forever Moderate
CVE-2021-3908 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
andrewpollock
OctoRPKI crashes when processing GZIP bomb returned via malicious repository Moderate
CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
golang.org/x/net/http2 allows uncontrolled memory consumption High
CVE-2021-44716 was published for golang.org/x/net/http2 (Go) Jan 2, 2022
Denial of Service in graphql-go Moderate
CVE-2022-21708 was published for github.com/graph-gophers/graphql-go (Go) Jan 27, 2022
jupenur
Denial of service in github.com/nats-io/nats-server/server High
CVE-2020-28466 was published for github.com/nats-io/nats-server (Go) Feb 15, 2022
Denial of Service (DoS) in HashiCorp Consul Moderate
CVE-2020-12758 was published for github.com/hashicorp/consul (Go) Feb 15, 2022
Denial of service in Grafana Moderate
CVE-2021-27358 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Kubernetes API Server DoS Via API Requests Moderate
CVE-2020-8552 was published for k8s.io/apiserver (Go) Feb 15, 2022
skitt marquiz
toddtreece
Nomad Spread Job Stanza May Trigger Panic in Servers Moderate
CVE-2022-24684 was published for github.com/hashicorp/nomad (Go) Feb 16, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database