Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,038 advisories

Loading
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-40703 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-48268 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may... High Unreviewed
CVE-2023-6277 was published Nov 24, 2023
Ethereum ABI decoder DoS when parsing ZST Moderate
GHSA-rqr8-pxh7-cq3g was published for eth-abi (pip) Nov 24, 2023
maxammann
Credited to maxammann
Bouncy Castle Denial of Service (DoS) Moderate
CVE-2023-33202 was published for org.bouncycastle:bcpkix-jdk18on (Maven) Nov 23, 2023
ind-team ebickle
mpihelgas
Credited to ind-team, ebickle, and mpihelgas
A possibility of unwanted server memory consumption was detected through the obsolete... Moderate Unreviewed
CVE-2023-6117 was published Nov 22, 2023
Decryption of malicious PBES2 JWE objects can consume unbounded system resources Moderate
GHSA-2c7c-3mj9-8fqh was published for github.com/go-jose/go-jose/v3 (Go) Nov 21, 2023
mcpherrinm
Credited to mcpherrinm
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple... High Unreviewed
CVE-2023-41102 was published Nov 17, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory Moderate
GHSA-w98g-5fmx-wm4x was published for pocketmine/raklib (Composer) Nov 15, 2023
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the... High Unreviewed
CVE-2023-45621 was published Nov 15, 2023
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed... High Unreviewed
CVE-2023-45622 was published Nov 15, 2023
When a specific component is loaded a local attacker and is able to send a specially crafted... High Unreviewed
CVE-2023-38043 was published Nov 15, 2023
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom... Moderate Unreviewed
CVE-2023-39203 was published Nov 15, 2023
Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may... Moderate Unreviewed
CVE-2023-25949 was published Nov 14, 2023
Visual Studio Denial of Service Vulnerability Moderate Unreviewed
CVE-2023-36042 was published Nov 14, 2023
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Moderate Unreviewed
CVE-2023-44321 was published Nov 14, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack High
CVE-2023-47163 was published for remarshal (pip) Nov 13, 2023
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a... Moderate Unreviewed
CVE-2023-45167 was published Nov 10, 2023
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the... High Unreviewed
CVE-2023-5759 was published Nov 8, 2023
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the... High Unreviewed
CVE-2023-45319 was published Nov 8, 2023
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the... High Unreviewed
CVE-2023-35767 was published Nov 8, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry Low
CVE-2023-46737 was published for github.com/sigstore/cosign (Go) Nov 8, 2023
AdamKorcz pdeslaur
Credited to AdamKorcz and pdeslaur
Mattermost vulnerable to excessive memory consumption Moderate
CVE-2023-5969 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
MarkLee131
Credited to MarkLee131
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database