Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,644
Maven
5,000+
npm
4,269
NuGet
760
pip
4,062
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,316 advisories

Loading
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16... Moderate Unreviewed
CVE-2024-1066 was published Feb 8, 2024
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Django denial-of-service attack in the intcomma template filter High
CVE-2024-24680 was published for Django (pip) Feb 7, 2024
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted... Moderate Unreviewed
CVE-2023-22819 was published Feb 6, 2024
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP... Moderate Unreviewed
CVE-2023-45028 was published Feb 2, 2024
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Credited to smaury and mnapoli
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
OpenFGA denial of service Moderate
CVE-2024-23820 was published for github.com/openfga/openfga (Go) Jan 26, 2024
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers... Critical Unreviewed
CVE-2021-42142 was published Jan 24, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could... Moderate Unreviewed
CVE-2023-47746 was published Jan 22, 2024
By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause... Moderate Unreviewed
CVE-2023-28899 was published Jan 12, 2024
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper... High Unreviewed
CVE-2024-21604 was published Jan 12, 2024
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0... Moderate Unreviewed
CVE-2023-37934 was published Jan 10, 2024
CRI-O's pods can break out of resource confinement on cgroupv2 Moderate
CVE-2023-6476 was published for github.com/cri-o/cri-o (Go) Jan 10, 2024
Tal-or
Credited to Tal-or
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation... Moderate Unreviewed
CVE-2024-22164 was published Jan 9, 2024
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Credited to ebickle
Authenticated users can crash the CubeFS servers with maliciously crafted requests High
CVE-2023-46738 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Credited to AdamKorcz
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation... High Unreviewed
CVE-2023-3171 was published Dec 27, 2023
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource... Moderate Unreviewed
CVE-2023-6910 was published Dec 20, 2023
Allocation of Resources Without Limits in Keycloak High
CVE-2023-6563 was published for org.keycloak:keycloak-model-jpa (Maven) Dec 14, 2023
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size... High Unreviewed
CVE-2023-5379 was published Dec 13, 2023
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email... High Unreviewed
CVE-2023-50455 was published Dec 10, 2023
Memory exhaustion in HashiCorp Vault High
CVE-2023-6337 was published for github.com/hashicorp/vault (Go) Dec 9, 2023
Under certain circumstances, invalid authentication credentials could be sent to the login... High Unreviewed
CVE-2023-4486 was published Dec 7, 2023
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers... High Unreviewed
CVE-2023-48831 was published Dec 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database