GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,040 advisories

Drivers are not always robust to extremely large draw calls and in some cases this scenario could...
High, Unreviewed. CVE-2023-5724 was published Oct 25, 2023

PingFederate Administrative Console dependency contains a weakness where console becomes...
High, Unreviewed. CVE-2023-39219 was published Oct 25, 2023

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11...
Moderate, Unreviewed. CVE-2023-42031 was published Oct 25, 2023

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior...
Moderate, Unreviewed. CVE-2022-3698 was published Oct 25, 2023

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior...
Moderate, Unreviewed. CVE-2022-0353 was published Oct 25, 2023

Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Moderate. CVE-2023-46136 was published for werkzeug (pip) Oct 25, 2023

encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High. CVE-2024-0241 was published for encoded_id-rails (RubyGems) Oct 24, 2023

RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack
Moderate. CVE-2023-46120 was published for com.rabbitmq:amqp-client (Maven) Oct 24, 2023

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request...
Moderate, Unreviewed. CVE-2023-45802 was published Oct 23, 2023

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block...
High, Unreviewed. CVE-2023-43622 was published Oct 23, 2023

rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Moderate. CVE-2024-43806 was published for rustix (Rust) Oct 18, 2023

OpenFGA DoS vulnerability
High. CVE-2023-45810 was published for github.com/openfga/openfga (Go) Oct 18, 2023

go-ethereum vulnerable to denial of service via crafted GraphQL query
High. CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023

OpenSearch uncontrolled resource consumption
High. GHSA-8wx3-324g-w4qq was published for org.opensearch.plugin:opensearch-security (Maven) Oct 17, 2023

Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
High. CVE-2023-40180 was published for silverstripe/graphql (Composer) Oct 17, 2023

Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an...
Moderate, Unreviewed. CVE-2023-5522 was published Oct 17, 2023

IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a...
Moderate, Unreviewed. CVE-2022-43893 was published Oct 17, 2023

Traefik vulnerable to HTTP/2 request causing denial of service
Moderate. GHSA-7v4p-328v-8v5g was published for github.com/traefik/traefik (Go) Oct 17, 2023

Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Moderate, Unreviewed. CVE-2023-5595 was published Oct 16, 2023

IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service...
High, Unreviewed. CVE-2022-43740 was published Oct 14, 2023

Magento Open Source allows Uncontrolled Resource Consumption
Moderate. CVE-2023-38251 was published for magento/community-edition (Composer) Oct 13, 2023

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding...
High, Unreviewed. CVE-2023-36841 was published Oct 13, 2023

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are...
High, Unreviewed. CVE-2023-27314 was published Oct 12, 2023

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of...
High, Unreviewed. CVE-2023-25774 was published Oct 12, 2023

HTTP/2 rapid reset can cause excessive work in net/http
High. CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023