Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,644
Maven
5,000+
npm
4,269
NuGet
760
pip
4,062
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,316 advisories

Loading
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle
Credited to ekle
An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3... Moderate Unreviewed
CVE-2023-4912 was published Dec 1, 2023
An allocation of resources without limits or throttling vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-34389 was published Nov 30, 2023
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability Moderate
CVE-2023-42504 was published for apache-superset (pip) Nov 28, 2023
A possibility of unwanted server memory consumption was detected through the obsolete... Moderate Unreviewed
CVE-2023-6117 was published Nov 22, 2023
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337
Credited to rook1337
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
When a specific component is loaded a local attacker and is able to send a specially crafted... High Unreviewed
CVE-2023-38543 was published Nov 15, 2023
otelgrpc DoS vulnerability due to unbound cardinality metrics High
CVE-2023-47108 was published for go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (Go) Nov 12, 2023
agmond
Credited to agmond
An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9... Low Unreviewed
CVE-2023-5963 was published Nov 6, 2023
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all... Moderate Unreviewed
CVE-2023-3246 was published Nov 6, 2023
Pillow Denial of Service vulnerability High
CVE-2023-44271 was published for pillow (pip) Nov 3, 2023
Django potential denial of service vulnerability in UsernameField on Windows High
CVE-2023-46695 was published for Django (pip) Nov 2, 2023
A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow... High Unreviewed
CVE-2023-20155 was published Nov 1, 2023
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch... Moderate Unreviewed
CVE-2023-5625 was published Nov 1, 2023
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating... Moderate Unreviewed
CVE-2023-29973 was published Oct 25, 2023
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request... Moderate Unreviewed
CVE-2023-45802 was published Oct 23, 2023
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics High
CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) Oct 16, 2023
programmer04 MadVikingGod
arminru pellared
Credited to programmer04, MadVikingGod, arminru, and pellared
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in... High Unreviewed
CVE-2023-45862 was published Oct 14, 2023
Allocation of Resources Without Limits or Throttling in vriteio/vrite Moderate
CVE-2023-5573 was published for @vrite/sdk (npm) Oct 13, 2023
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos... High Unreviewed
CVE-2023-44191 was published Oct 13, 2023
Duplicate Advisory: Denial of Service in JSON-Java High
GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) Oct 12, 2023 withdrawn
Astralidea
Credited to Astralidea
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
matrix-synapse vulnerable to denial of service due to malicious server ACL events Moderate
CVE-2023-45129 was published for matrix-synapse (pip) Oct 10, 2023
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal Moderate
CVE-2023-25822 was published for com.epam.reportportal:service-api (Maven) Oct 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database