GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Low
CVE-2024-6762
was published
for
org.eclipse.jetty:jetty-servlets
(Maven)
Oct 14, 2024
CosmWasm wasmd has large address count in ValidateBasic
Low
GHSA-m3rh-cvr5-x6q4
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 8, 2024
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Low
CVE-2024-34079
was published
for
github.com/octo-sts/app
(Go)
May 13, 2024
Mattermost fails to limit the size of a request path
Low
CVE-2024-22091
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
Rack has possible DoS Vulnerability with Range Header
Low
CVE-2024-26141
was published
for
rack
(RubyGems)
Feb 28, 2024
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low
GHSA-v7hc-87jc-qrrr
was published
for
knative.dev/eventing-github
(Go)
Dec 6, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
Denial of service from large image
Low
CVE-2023-37900
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads
Low
CVE-2023-37481
was published
for
ethyca-fides
(pip)
Jul 18, 2023
Fides Webserver Vulnerable to Zip Bomb File Uploads
Low
CVE-2023-37480
was published
for
ethyca-fides
(pip)
Jul 18, 2023
RuoYi Uncontrolled Resource Consumption vulnerability
Low
CVE-2023-3163
was published
for
com.ruoyi:ruoyi
(Maven)
Jun 8, 2023
Denial of Service Vulnerability in Rack Content-Disposition parsing
Low
CVE-2022-44571
was published
for
rack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22792
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Denial of service via multipart parsing in Rack
Low
CVE-2022-44572
was published
for
rack
(RubyGems)
Jan 18, 2023
EnumStringValues vulnerable to Uncontrolled Resource Consumption
Low
CVE-2020-36620
was published
for
EnumStringValues
(NuGet)
Dec 21, 2022
hutool-json vulnerable to memory exhaustion
Low
CVE-2022-45689
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
Plone Denial of Service vulnerability via decompressing large zip archives
Low
CVE-2013-4199
was published
for
plone
(pip)
May 17, 2022
Puppet Denial of Service and Arbitrary File Write
Low
CVE-2012-1987
was published
for
puppet
(RubyGems)
May 14, 2022
JBossWS vulnerable to uncontrolled recursion
Low
CVE-2011-1483
was published
for
org.jboss.ws:jbossws-common
(Maven)
May 13, 2022
Regular Expression Denial of Service (ReDoS) in braces
Low
CVE-2018-1109
was published
for
braces
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low
CVE-2021-43838
was published
for
jsx-slack
(npm)
Dec 17, 2021
Potential Denial-of-Service in bindata
Low
CVE-2021-32823
was published
for
bindata
(RubyGems)
Jun 23, 2021
Import loops in account imports, nats-server DoS
Low
GHSA-gwj5-3vfq-q992
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
ProTip!
Advisories are also available from the
GraphQL API