Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

947 advisories

Loading
Uses of deprecated API can be used to cause DoS in user-facing endpoints High
CVE-2022-31054 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
Credited to DavidKorczynski and AdamKorcz
containerd CRI plugin: Host memory exhaustion through ExecSync Moderate
CVE-2022-31030 was published for github.com/containerd/containerd (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
Credited to DavidKorczynski and AdamKorcz
Node DOS by way of memory exhaustion through ExecSync request in CRI-O High
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
Credited to DavidKorczynski and AdamKorcz
Denial of service binding form from JSON in Play Framework High
CVE-2022-31018 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
beny23 gmethvin
BillyAutrey
Credited to beny23, gmethvin, and BillyAutrey
Uncontrolled Resource Consumption in Mattermost server Moderate
CVE-2022-1982 was published for github.com/mattermost/mattermost-server (Go) Jun 3, 2022
Denial of Service Vulnerability in Rack Multipart Parsing High
CVE-2022-30122 was published for rack (RubyGems) May 27, 2022
Undertow Uncontrolled Resource Consumption High
CVE-2021-3629 was published for io.undertow:undertow-core (Maven) May 25, 2022
nhakmiller
Credited to nhakmiller
Denial of service in `tf.ragged.constant` due to lack of validation Moderate
CVE-2022-29202 was published for tensorflow (pip) May 24, 2022
DoS via malicious p2p message in Go Ethereum Moderate
CVE-2022-29177 was published for github.com/ethereum/go-ethereum (Go) May 24, 2022
Moodle Client side denial of service via personal message Moderate
CVE-2021-20185 was published for moodle/moodle (Composer) May 24, 2022
Moodle Denial of Service High
CVE-2020-25630 was published for moodle/moodle (Composer) May 24, 2022
Uncontrolled Resource Consumption in WildFly Moderate
CVE-2020-25689 was published for org.wildfly:wildfly-dist (Maven) May 24, 2022
Wildfly EJB Client causes DoS Moderate
CVE-2020-14297 was published for org.jboss:jboss-ejb-client (Maven) May 24, 2022
Mattermost Server is vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2016-11067 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
OpenStack Mistral DoS High
CVE-2018-16848 was published for mistral (pip) May 24, 2022
Undertow vulnerable to Uncontrolled Resource Consumption High
CVE-2019-14888 was published for io.undertow:undertow-core (Maven) May 24, 2022
Denial of service in ASP.NET Core Moderate
CVE-2020-0602 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022
skofman1
Credited to skofman1
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin Moderate
CVE-2019-16555 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
Pivotal RabbitMQ is vulnerable to a denial of service attack High
CVE-2019-11287 was published for RabbitMQ (Erlang) May 24, 2022
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
golang.org/x/net/http vulnerable to ping floods High
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022
Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple High
CVE-2019-12473 was published for mediawiki/core (Composer) May 24, 2022
Uncontrolled Resource Consumption in Hawk High
CVE-2022-29167 was published for hawk (npm) May 23, 2022
DOMPDF denial of service vulnerability Moderate
CVE-2014-5012 was published for dompdf/dompdf (Composer) May 17, 2022
Publify vulnerable to DoS attack High
CVE-2014-3211 was published for publify_core (RubyGems) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database