Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,643
Maven
5,000+
npm
4,269
NuGet
760
pip
4,062
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,315 advisories

Loading
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet... High Unreviewed
CVE-2023-38405 was published Jul 17, 2023
Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An... Moderate Unreviewed
CVE-2023-32481 was published Jul 20, 2023
A missing allocation check in sftp server processing read requests may cause a NULL dereference... Moderate Unreviewed
CVE-2023-3603 was published Jul 21, 2023
Denial of service from unlimited password lengths Moderate
CVE-2023-38492 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Credited to 5hank4r
In some circumstances, a stale value could have been used for a global variable in WASM JIT... Moderate Unreviewed
CVE-2023-4046 was published Aug 1, 2023
An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which... High Unreviewed
CVE-2023-4011 was published Aug 2, 2023
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial... High Unreviewed
CVE-2022-46485 was published Aug 2, 2023
Golang TIFF decoder does not place a limit on the size of compressed tile data Moderate
CVE-2023-29408 was published for golang.org/x/image (Go) Aug 2, 2023
RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-4138 was published for rdiffweb (pip) Aug 3, 2023
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35... Moderate Unreviewed
CVE-2023-38532 was published Aug 8, 2023
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801,... High Unreviewed
CVE-2023-39269 was published Aug 8, 2023
libp2p nodes vulnerable to attack using large RSA keys High
CVE-2023-39533 was published for github.com/libp2p/go-libp2p (Go) Aug 9, 2023
marten-seemann
Credited to marten-seemann
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
levpachmanov
Credited to levpachmanov
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial
Credited to nalandial
FaucetSDN Ryu Denial of Service Vulnerability High
CVE-2020-35139 was published for ryu (pip) Aug 11, 2023
FaucetSDN Ryu Denial of Service Vulnerability High
CVE-2020-35141 was published for ryu (pip) Aug 11, 2023
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability... Moderate Unreviewed
CVE-2022-48064 was published Aug 22, 2023
An adversary could cause a continuous restart loop to the entire device by sending a large... High Unreviewed
CVE-2023-40710 was published Aug 24, 2023
An adversary could crash the entire device by sending a large quantity of ICMP requests if the... High Unreviewed
CVE-2023-40709 was published Aug 24, 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5,... High Unreviewed
CVE-2023-4647 was published Sep 1, 2023
An improper resource allocation vulnerability exists in the OAS Engine configuration management... Moderate Unreviewed
CVE-2023-34994 was published Sep 5, 2023
QUIC connections do not set an upper bound on the amount of data buffered when reading post... High Unreviewed
CVE-2023-39322 was published Sep 8, 2023
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in... Moderate Unreviewed
CVE-2023-4578 was published Sep 11, 2023
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32187 was published for github.com/k3s-io/k3s (Go) Sep 11, 2023
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32186 was published for github.com/rancher/rke2 (Go) Sep 11, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database