Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

947 advisories

Loading
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
containerd CRI stream server vulnerable to host memory exhaustion via terminal Moderate
CVE-2022-23471 was published for github.com/containerd/containerd (Go) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23492 was published for github.com/libp2p/go-libp2p (Go) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko
Credited to aruneko
Creation of new database tables through login form on PostgreSQL High
CVE-2022-41932 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Free5gc vulnerable to uncontrolled resource consumption High
CVE-2022-38871 was published for github.com/free5gc/free5gc (Go) Nov 19, 2022
Pillow subject to DoS via SAMPLESPERPIXEL tag High
CVE-2022-45199 was published for pillow (pip) Nov 14, 2022
MessagePack for Golang subject to DoS via Unmarshal panic High
CVE-2022-41719 was published for github.com/shamaton/msgpack/v2 (Go) Nov 11, 2022
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
DanielRuf
Credited to DanielRuf
conduit-hyper vulnerable to Denial of Service from unchecked request length High
CVE-2022-39294 was published for conduit-hyper (Rust) Oct 31, 2022
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
.NET Denial of Service Vulnerability High
CVE-2022-23267 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Oct 21, 2022
minimatch ReDoS vulnerability High
CVE-2022-3517 was published for minimatch (npm) Oct 18, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban G-Rath
Credited to jeran-urban and G-Rath
org.ini4j allows attackers to cause a Denial of Service (DoS) High
CVE-2022-41404 was published for org.ini4j:ini4j (Maven) Oct 12, 2022
cx-eilon-cohen
Credited to cx-eilon-cohen
Traefik HTTP/2 connections management could cause a denial of service High
CVE-2022-39271 was published for github.com/traefik/traefik/v2 (Go) Oct 10, 2022
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
v8n vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-35923 was published for v8n (npm) Oct 7, 2022
vovikhangcdv
Credited to vovikhangcdv
Tendermint Core vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2021-21271 was published for github.com/tendermint/tendermint (Go) Oct 7, 2022
cmwaters melekes
cyril-crypto brianatcrypto tomtau yihuang
Credited to cmwaters, melekes, cyril-crypto, brianatcrypto, tomtau, and yihuang
kamadak-exif vulnerable to Infinite loop when parsing PNG files Moderate
CVE-2021-21235 was published for kamadak-exif (Rust) Oct 6, 2022
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
Credited to AdamKorcz, coheigea, sonnyhcl, Christiaan-de-Wet, and sunSUNQ
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
Credited to AdamKorcz, sonnyhcl, sunSUNQ, and pjfanning
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package High
CVE-2022-2529 was published for github.com/cloudflare/goflow/v3 (Go) Oct 1, 2022
JustinTimperio
Credited to JustinTimperio
css-what vulnerable to ReDoS due to use of insecure regular expression High
CVE-2022-21222 was published for css-what (npm) Oct 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database