Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

635 advisories

Loading
A vulnerability has been identified where a maliciously crafted message containing a specific... High Unreviewed
CVE-2023-28356 was published May 12, 2023
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak High
GHSA-q3j6-22wf-3jh9 was published for github.com/ipfs/go-bitswap (Go) May 11, 2023
Jorropo guseggert
Credited to Jorropo and guseggert
distribution catalog API endpoint can lead to OOM via malicious user input High
CVE-2023-2253 was published for github.com/docker/distribution (Go) May 11, 2023
josegomezr
Credited to josegomezr
Boxo bitswap/server: DOS unbounded persistent memory leak High
CVE-2023-25568 was published for github.com/ipfs/go-libipfs (Go) May 11, 2023
Jorropo guseggert
Credited to Jorropo and guseggert
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in... High Unreviewed
CVE-2023-31472 was published May 9, 2023
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of... High Unreviewed
CVE-2023-26285 was published May 5, 2023
Rekor's compressed archives can result in OOM conditions High
CVE-2023-30551 was published for github.com/sigstore/rekor (Go) May 3, 2023
AdamKorcz DavidKorczynski
Credited to AdamKorcz and DavidKorczynski
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the... High Unreviewed
CVE-2023-30455 was published Apr 28, 2023
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash... High Unreviewed
CVE-2023-28882 was published Apr 28, 2023
IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6... High Unreviewed
CVE-2023-27556 was published Apr 28, 2023
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a... High Unreviewed
CVE-2023-29779 was published Apr 25, 2023
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4... High Unreviewed
CVE-2023-0383 was published Apr 20, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before... High Unreviewed
CVE-2018-15472 was published Apr 16, 2023
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause... High Unreviewed
CVE-2023-27643 was published Apr 14, 2023
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service... High Unreviewed
CVE-2023-27653 was published Apr 14, 2023
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus... High Unreviewed
CVE-2023-30636 was published Apr 14, 2023
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Credited to amita-seal and sunSUNQ
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ... High Unreviewed
CVE-2022-43768 was published Apr 11, 2023
An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of... High Unreviewed
CVE-2023-27191 was published Apr 11, 2023
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs... High Unreviewed
CVE-2023-24536 was published Apr 6, 2023
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability... High Unreviewed
CVE-2022-48357 was published Mar 28, 2023
GraphQL Java vulnerable to stack consumption High
CVE-2023-28867 was published for com.graphql-java:graphql-java (Maven) Mar 27, 2023
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb High
CVE-2023-28119 was published for github.com/crewjam/saml (Go) Mar 22, 2023
nszetei
Credited to nszetei
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple... High Unreviewed
CVE-2022-42333 was published Mar 21, 2023
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database