Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,366 advisories

Loading
Apache Tomcat Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-54677 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 17, 2024
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all... Moderate Unreviewed
CVE-2024-12601 was published Dec 17, 2024
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS... Moderate Unreviewed
CVE-2024-12579 was published Dec 13, 2024
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful... Moderate Unreviewed
CVE-2024-54113 was published Dec 12, 2024
Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource... Moderate Unreviewed
CVE-2024-42426 was published Dec 9, 2024
Withdrawn Advisory: Netty vulnerability included in redis lettuce Moderate
GHSA-q4h9-7rxj-7gx2 was published for io.lettuce:lettuce-core (Maven) Dec 2, 2024 withdrawn
gmcallister-r7 SteffenGabel
Credited to gmcallister-r7 and SteffenGabel
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL... Moderate Unreviewed
CVE-2024-11498 was published Nov 25, 2024
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper... Moderate Unreviewed
CVE-2018-9412 was published Nov 20, 2024
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an... Moderate Unreviewed
CVE-2024-45420 was published Nov 19, 2024
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue... Moderate Unreviewed
CVE-2023-39180 was published Nov 18, 2024
Spring MVC controller vulnerable to a DoS attack Moderate
CVE-2024-38828 was published for org.springframework:spring-webmvc (Maven) Nov 18, 2024
ayamburg-panw Louis-Jones-Evri
Credited to ayamburg-panw and Louis-Jones-Evri
Denial of Service attack on windows app using netty Moderate
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR AB-xdev
irene221b vmulas
Credited to Amossys-PGR, AB-xdev, irene221b, and vmulas
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Moderate Unreviewed
CVE-2024-46891 was published Nov 12, 2024
Authenticated users can upload specifically crafted files to leak server resources. This behavior... Moderate Unreviewed
CVE-2024-38826 was published Nov 11, 2024
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Undertow Denial of Service vulnerability Moderate
CVE-2023-1973 was published for io.undertow:undertow-core (Maven) Nov 7, 2024
Vulnerability of processes not being fully terminated in the VPN module Impact: Successful... Moderate Unreviewed
CVE-2024-51513 was published Nov 5, 2024
A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7... Moderate Unreviewed
CVE-2024-10599 was published Nov 1, 2024
Gnark out-of-memory during deserialization with crafted inputs Moderate
CVE-2024-50354 was published for github.com/consensys/gnark (Go) Oct 31, 2024
pventuzelo
Credited to pventuzelo
The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation... Moderate Unreviewed
CVE-2024-31152 was published Oct 30, 2024
Werkzeug possible resource exhaustion when parsing file data in forms Moderate
CVE-2024-49767 was published for Quart (pip) Oct 25, 2024
defnull
Credited to defnull
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow... Moderate Unreviewed
CVE-2024-20526 was published Oct 23, 2024
A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to... Moderate Unreviewed
CVE-2024-50311 was published Oct 22, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Credited to westonsteimel
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported... Moderate Unreviewed
CVE-2024-21219 was published Oct 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database