Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

635 advisories

Loading
DDOS attack on graphql endpoints High
CVE-2023-28104 was published for silverstripe/graphql (Composer) Mar 16, 2023
GuySartorelli
Credited to GuySartorelli
Denial of service in Jenkins Core High
CVE-2023-27901 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Credited to westonsteimel
Rack has possible DoS Vulnerability in Multipart MIME parsing High
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023
A denial of service is possible from excessive resource consumption in net/http and mime... High Unreviewed
CVE-2022-41725 was published Feb 28, 2023
notation-go has excessive memory allocation on verification High
CVE-2023-25656 was published for github.com/notaryproject/notation-go (Go) Feb 22, 2023
AdamKorcz shizhMSFT
Credited to AdamKorcz and shizhMSFT
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method... High Unreviewed
CVE-2022-31394 was published Feb 21, 2023
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification... High Unreviewed
CVE-2023-26249 was published Feb 21, 2023
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
mosaa404
Credited to mosaa404
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
das7pad
Credited to das7pad
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
Credited to das7pad
Denial of service due to unlimited number of parts High
CVE-2023-25576 was published for @fastify/multipart (npm) Feb 14, 2023
das7pad
Credited to das7pad
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non... High Unreviewed
CVE-2022-40513 was published Feb 12, 2023
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via... High Unreviewed
CVE-2023-25193 was published Feb 4, 2023
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Credited to MarkLee131
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x... High Unreviewed
CVE-2023-22323 was published Feb 1, 2023
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4... High Unreviewed
CVE-2023-23846 was published Feb 1, 2023
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist... High Unreviewed
CVE-2022-20490 was published Jan 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions... High Unreviewed
CVE-2022-20489 was published Jan 26, 2023
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions... High Unreviewed
CVE-2022-20456 was published Jan 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions... High Unreviewed
CVE-2022-20492 was published Jan 26, 2023
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone... High Unreviewed
CVE-2021-36630 was published Jan 18, 2023
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding... High Unreviewed
CVE-2023-22403 was published Jan 13, 2023
rdiffweb has no rate limit on resend email feature High
CVE-2022-4723 was published for rdiffweb (pip) Dec 27, 2022
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive... High Unreviewed
CVE-2022-42531 was published Dec 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database