GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,367 advisories
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported...
Moderate | Unreviewed | CVE-2024-20985 was published Jan 17, 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported...
Moderate | Unreviewed | CVE-2024-20983 was published Jan 17, 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ...
Moderate | Unreviewed | CVE-2024-20971 was published Jan 17, 2024
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core)...
Moderate | Unreviewed | CVE-2024-20959 was published Jan 17, 2024
An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe,...
Moderate | Unreviewed | CVE-2024-0581 was published Jan 16, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An...
Moderate | Unreviewed | CVE-2023-42941 was published Jan 11, 2024
CRI-O's pods can break out of resource confinement on cgroupv2
Moderate | CVE-2023-6476 was published for github.com/cri-o/cri-o (Go) Jan 10, 2024
quic-go's path validation mechanism can be exploited to cause denial of service
Moderate | CVE-2023-49295 was published for github.com/quic-go/quic-go (Go) Jan 10, 2024
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified...
Moderate | Unreviewed | CVE-2024-0348 was published Jan 10, 2024
Microsoft ASP.NET Core project templates vulnerable to denial of service
Moderate | CVE-2024-21319 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation...
Moderate | Unreviewed | CVE-2024-22164 was published Jan 9, 2024
Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).
Moderate | Unreviewed | CVE-2023-50121 was published Jan 6, 2024
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the...
Moderate | Unreviewed | CVE-2023-49555 was published Jan 3, 2024
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the...
Moderate | Unreviewed | CVE-2023-49557 was published Jan 3, 2024
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a...
Moderate | Unreviewed | CVE-2023-50019 was published Jan 3, 2024
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due...
Moderate | Unreviewed | CVE-2023-26157 was published Jan 2, 2024
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF...
Moderate | Unreviewed | CVE-2023-6228 was published Dec 28, 2023
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Moderate | CVE-2023-6681 was published for jwcrypto (pip) Dec 28, 2023
Grails data binding causes JVM crash and/or other denial of service
Moderate | CVE-2023-46131 was published for org.grails:grails-databinding (Maven) Dec 20, 2023
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Moderate | GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource...
Moderate | Unreviewed | CVE-2023-6910 was published Dec 20, 2023
Apache Superset uncontrolled resource consumption
Moderate | CVE-2023-46104 was published for apache-superset (pip) Dec 19, 2023
Unbounded queuing of path validation messages in cloudflare-quiche
Moderate | CVE-2023-6193 was published for quiche (Rust) Dec 13, 2023
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to...
Moderate | Unreviewed | CVE-2023-49809 was published Dec 12, 2023
Mattermost fails to check the length when setting the title in a run checklist in Playbooks,...
Moderate | Unreviewed | CVE-2023-45847 was published Dec 12, 2023
ProTip! Advisories are also available from the GraphQL API