GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,366 advisories
Withdrawn: scipy memory leak vulnerability
Moderate • CVE-2023-25399 was published for scipy (pip) • Jul 5, 2023 • withdrawn

Apache Any23 vulnerable to excessive memory usage
Moderate • CVE-2023-34150 was published for org.apache.any23:apache-any23 (Maven) • Jul 5, 2023

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6...
Moderate • Unreviewed • CVE-2023-1206 was published • Jul 1, 2023

In list_key_entries of utils.rs, there is a possible way to disable user credentials due to...
Moderate • Unreviewed • CVE-2023-21176 was published • Jun 28, 2023

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
Moderate • Unreviewed • CVE-2023-3398 was published • Jun 26, 2023

FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Moderate • CVE-2023-35925 was published for com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) • Jun 22, 2023

netty-handler SniHandler 16MB allocation
Moderate • CVE-2023-34462 was published for io.netty:netty-handler (Maven) • Jun 20, 2023

When adding an external mail account, processing of POP3 "capabilities" responses are not limited...
Moderate • Unreviewed • CVE-2023-26434 was published • Jun 20, 2023

When adding an external mail account, processing of SMTP "capabilities" responses are not limited...
Moderate • Unreviewed • CVE-2023-26432 was published • Jun 20, 2023

When adding an external mail account, processing of IMAP "capabilities" responses are not limited...
Moderate • Unreviewed • CVE-2023-26433 was published • Jun 20, 2023

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to...
Moderate • Unreviewed • CVE-2023-2831 was published • Jun 16, 2023

Mattermost fails to validate links on external websites when constructing a preview for a linked...
Moderate • Unreviewed • CVE-2023-2793 was published • Jun 16, 2023

Mattermost fails to properly truncate the postgres error log message of a search query failure...
Moderate • Unreviewed • CVE-2023-2785 was published • Jun 16, 2023

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an...
Moderate • Unreviewed • CVE-2023-2683 was published • Jun 15, 2023

Due to an error in the software interface to the secure element chip on Bosch IP cameras of...
Moderate • Unreviewed • CVE-2023-32229 was published • Jun 15, 2023

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent...
Moderate • Unreviewed • CVE-2023-29767 was published • Jun 9, 2023

Vapor's Metrics integration could cause a system drain
Moderate • CVE-2021-21328 was published for github.com/vapor/vapor (Swift) • Jun 9, 2023

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged...
Moderate • Unreviewed • CVE-2023-34969 was published • Jun 8, 2023

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11...
Moderate • Unreviewed • CVE-2023-0921 was published • Jun 6, 2023

Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Moderate • CVE-2023-33958 was published for github.com/notaryproject/notation (Go) • Jun 6, 2023

Notation vulnerable to denial of service from high number of artifact signatures
Moderate • CVE-2023-33957 was published for github.com/notaryproject/notation (Go) • Jun 6, 2023

Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages...
Moderate • Unreviewed • CVE-2022-33303 was published • Jun 6, 2023

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage...
Moderate • Unreviewed • CVE-2023-29544 was published • Jun 2, 2023

If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly...
Moderate • Unreviewed • CVE-2023-0616 was published • Jun 2, 2023

PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Moderate • GHSA-42qm-8v8m-m78c was published for pocketmine/pocketmine-mp (Composer) • Jun 1, 2023
ProTip! Advisories are also available from the GraphQL API