Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,313 advisories

Loading
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35516 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-36104 was published for typo3/cms (Composer) Sep 16, 2022
rikwillems
Credited to rikwillems
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35517 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Uncontrolled memory consumption Moderate
CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) Jun 15, 2021
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using... High Unreviewed
CVE-2021-44502 was published Apr 16, 2022
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with... High Unreviewed
CVE-2022-20622 was published Apr 16, 2022
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number... Moderate Unreviewed
CVE-2022-1333 was published Apr 14, 2022
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified... Moderate Unreviewed
CVE-2022-22404 was published Apr 2, 2022
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14... Moderate Unreviewed
CVE-2022-1121 was published Apr 5, 2022
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
Credited to Nintorac
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests High
CVE-2021-41167 was published for modern-async (npm) Oct 21, 2021
Denial of service in sidekiq High
CVE-2022-23837 was published for sidekiq (RubyGems) Jan 27, 2022
axum-core has no default limit put on request bodies High
CVE-2022-3212 was published for axum-core (Rust) Sep 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database