GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
635 advisories
is_closing_session() allows users to create arbitrary tcp dbus connections
High, Unreviewed. CVE-2022-28655 was published Jun 5, 2024

Flooding Server with Thumbnail files
High. CVE-2024-32871 was published for pimcore/pimcore (Composer) Jun 4, 2024

TYPO3 Denial of Service in Frontend Record Registration
High. GHSA-hjx5-v9xg-7h25 was published for typo3/cms-core (Composer) May 30, 2024

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
High. CVE-2024-35231 was published for rack-contrib (RubyGems) May 28, 2024

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS...
High, Unreviewed. CVE-2024-27804 was published May 14, 2024

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can...
High, Unreviewed. CVE-2024-4140 was published May 2, 2024

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for...
High, Unreviewed. CVE-2024-34046 was published Apr 30, 2024

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar...
High, Unreviewed. CVE-2024-1666 was published Apr 16, 2024

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a...
High, Unreviewed. CVE-2024-3382 was published Apr 10, 2024

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to...
High, Unreviewed. CVE-2024-27316 was published Apr 4, 2024

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High. GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024

QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High. CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024

An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1....
High, Unreviewed. CVE-2023-43768 was published Mar 27, 2024

VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via...
High, Unreviewed. CVE-2024-26577 was published Mar 27, 2024

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory...
High, Unreviewed. CVE-2021-47137 was published Mar 25, 2024

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise...
High, Unreviewed. CVE-2024-30156 was published Mar 24, 2024

Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged...
High, Unreviewed. CVE-2020-11862 was published Mar 14, 2024

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI...
High, Unreviewed. CVE-2024-22255 was published Mar 5, 2024

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5...
High, Unreviewed. CVE-2024-26461 was published Feb 29, 2024

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS...
High, Unreviewed. CVE-2024-20321 was published Feb 29, 2024

Connection leaking on idle timeout when TCP congested
High. CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024

Uncontrolled Resource Consumption in moodle
High. CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP)...
High, Unreviewed. CVE-2024-23979 was published Feb 14, 2024

For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time...
High, Unreviewed. CVE-2024-21771 was published Feb 14, 2024

Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers...
High, Unreviewed. CVE-2023-50387 was published Feb 14, 2024