GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,316 advisories
Boxo bitswap/server: DOS unbounded persistent memory leak
High | CVE-2023-25568 was published for github.com/ipfs/go-libipfs (Go) | May 11, 2023
distribution catalog API endpoint can lead to OOM via malicious user input
High | CVE-2023-2253 was published for github.com/docker/distribution (Go) | May 11, 2023
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
High | GHSA-q3j6-22wf-3jh9 was published for github.com/ipfs/go-bitswap (Go) | May 11, 2023
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Moderate | GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) | May 11, 2023
A vulnerability has been identified where a maliciously crafted message containing a specific...
High | Unreviewed | CVE-2023-28356 was published | May 12, 2023
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.
Moderate | Unreviewed | CVE-2023-31914 was published | May 12, 2023
In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a...
Moderate | Unreviewed | CVE-2023-20930 was published | May 16, 2023
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access...
High | Unreviewed | CVE-2023-21110 was published | May 16, 2023
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
Moderate | CVE-2023-2666 was published for froxlor/froxlor (Composer) | May 19, 2023
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.
Moderate | Unreviewed | CVE-2023-33720 was published | May 26, 2023
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them...
Unknown | Unreviewed | CVE-2023-2650 was published | May 30, 2023
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file...
Moderate | Unreviewed | CVE-2023-33656 was published | May 30, 2023
An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to...
Moderate | Unreviewed | CVE-2023-29737 was published | May 30, 2023
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly...
Moderate | Unreviewed | CVE-2023-0616 was published | Jun 2, 2023
Regular expressions used to filter out forbidden properties and values from style directives in...
Moderate | Unreviewed | CVE-2023-23603 was published | Jun 2, 2023
In dialer service, there is a possible missing permission check. This could lead to local denial...
Moderate | Unreviewed | CVE-2022-48440 was published | Jun 6, 2023
In dialer service, there is a possible missing permission check. This could lead to local denial...
Moderate | Unreviewed | CVE-2022-48441 was published | Jun 6, 2023
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11...
Moderate | Unreviewed | CVE-2023-0921 was published | Jun 6, 2023
A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13...
High | Unreviewed | CVE-2023-0121 was published | Jun 7, 2023
Uncontrolled Resource Consumption in LengthPrefixedMessageReader
High | CVE-2021-36155 was published for github.com/grpc/grpc-swift (Swift) | Jun 9, 2023
An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent...
Moderate | Unreviewed | CVE-2023-29767 was published | Jun 9, 2023
Apache Struts vulnerable to memory exhaustion
High | CVE-2023-34396 was published for org.apache.struts:struts-core (Maven) | Jun 14, 2023
Apache Struts vulnerable to memory exhaustion
Moderate | CVE-2023-34149 was published for org.apache.struts:struts2-core (Maven) | Jun 14, 2023
An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of...
Unknown | Unreviewed | CVE-2023-35116 was published | Jun 14, 2023
snappy-java's unchecked chunk length leads to DoS
High | CVE-2023-34455 was published for org.xerial.snappy:snappy-java (Maven) | Jun 15, 2023