GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,041 advisories
sidekiq Denial of Service vulnerability
Moderate | CVE-2023-26141 was published for sidekiq (RubyGems) | Sep 14, 2023

Strapi's field level permissions not being respected in relationship title
Moderate | CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) | Sep 13, 2023

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Moderate | CVE-2023-36799 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) | Sep 12, 2023

DHCP Server Service Denial of Service Vulnerability
High | Unreviewed | CVE-2023-38162 was published | Sep 12, 2023

Windows TCP/IP Denial of Service Vulnerability
High | Unreviewed | CVE-2023-38149 was published | Sep 12, 2023

Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service...
High | Unreviewed | CVE-2022-23382 was published | Sep 11, 2023

An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows...
High | Unreviewed | CVE-2023-36161 was published | Sep 11, 2023

Argo CD repo-server Denial of Service vulnerability
Moderate | CVE-2023-40584 was published for github.com/argoproj/argo-cd/v2 (Go) | Sep 11, 2023

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
High | Unreviewed | CVE-2023-39321 was published | Sep 8, 2023

QUIC connections do not set an upper bound on the amount of data buffered when reading post...
High | Unreviewed | CVE-2023-39322 was published | Sep 8, 2023

Go-Ethereum vulnerable to denial of service via malicious p2p message
High | CVE-2023-40591 was published for github.com/ethereum/go-ethereum (Go) | Sep 6, 2023

A denial-of-service issue was addressed with improved input validation. This issue is fixed in...
Moderate | Unreviewed | CVE-2023-28188 was published | Sep 6, 2023

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5,...
High | Unreviewed | CVE-2023-4647 was published | Sep 1, 2023

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5,...
Moderate | Unreviewed | CVE-2023-3205 was published | Sep 1, 2023

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5,...
Moderate | Unreviewed | CVE-2023-3210 was published | Sep 1, 2023

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager ...
Moderate | Unreviewed | CVE-2023-41739 was published | Aug 31, 2023

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before...
Moderate | Unreviewed | CVE-2023-4162 was published | Aug 31, 2023

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service...
High | Unreviewed | CVE-2023-41121 was published | Aug 26, 2023

Esoteric YamlBeans XML Entity Expansion vulnerability
Moderate | CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) | Aug 25, 2023

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP...
High | Unreviewed | CVE-2023-41173 was published | Aug 25, 2023

webpki: CPU denial of service in certificate path building
High | GHSA-8qv2-5vq6-g2g7 was published for webpki (Rust) | Aug 25, 2023

libp2p nodes vulnerable to OOM attack
High | CVE-2023-40583 was published for github.com/libp2p/go-libp2p (Go) | Aug 24, 2023

A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its...
High | Unreviewed | CVE-2023-4418 was published | Aug 24, 2023

An adversary could cause a continuous restart loop to the entire device by sending a large...
High | Unreviewed | CVE-2023-40710 was published | Aug 24, 2023

An adversary could crash the entire device by sending a large quantity of ICMP requests if the...
High | Unreviewed | CVE-2023-40709 was published | Aug 24, 2023