Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,316 advisories

Loading
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server,... High Unreviewed
CVE-2023-40542 was published Oct 10, 2023
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing... High Unreviewed
CVE-2023-5330 was published Oct 9, 2023
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1... High Unreviewed
CVE-2023-45371 was published Oct 9, 2023
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of... Moderate Unreviewed
CVE-2023-5371 was published Oct 4, 2023
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate... Moderate Unreviewed
CVE-2023-3153 was published Oct 4, 2023
Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common... High Unreviewed
CVE-2023-3967 was published Oct 3, 2023
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that... Moderate Unreviewed
CVE-2023-0809 was published Oct 2, 2023
Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2023-5289 was published for rdiffweb (pip) Sep 29, 2023
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series... High Unreviewed
CVE-2023-20033 was published Sep 27, 2023
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact High
CVE-2023-43642 was published for org.xerial.snappy:snappy-java (Maven) Sep 25, 2023
mkcops janjwerner-confluent
flabbergastedbd
Credited to mkcops, janjwerner-confluent, and flabbergastedbd
plone.rest vulnerable to Denial of Service when ++api++ is used many times Moderate
CVE-2023-42457 was published for plone.rest (pip) Sep 21, 2023
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port... Critical Unreviewed
CVE-2023-43632 was published Sep 21, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input High
CVE-2023-37279 was published for github.com/contribsys/faktory (Go) Sep 20, 2023
Malayke
Credited to Malayke
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111),... High Unreviewed
CVE-2022-47562 was published Sep 20, 2023
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed... High Unreviewed
CVE-2023-38039 was published Sep 15, 2023
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
Credited to scgajge12, derrickmehaffy, innerdvations, and alexandrebodin
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32186 was published for github.com/rancher/rke2 (Go) Sep 11, 2023
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32187 was published for github.com/k3s-io/k3s (Go) Sep 11, 2023
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in... Moderate Unreviewed
CVE-2023-4578 was published Sep 11, 2023
QUIC connections do not set an upper bound on the amount of data buffered when reading post... High Unreviewed
CVE-2023-39322 was published Sep 8, 2023
An improper resource allocation vulnerability exists in the OAS Engine configuration management... Moderate Unreviewed
CVE-2023-34994 was published Sep 5, 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5,... High Unreviewed
CVE-2023-4647 was published Sep 1, 2023
An adversary could cause a continuous restart loop to the entire device by sending a large... High Unreviewed
CVE-2023-40710 was published Aug 24, 2023
An adversary could crash the entire device by sending a large quantity of ICMP requests if the... High Unreviewed
CVE-2023-40709 was published Aug 24, 2023
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability... Moderate Unreviewed
CVE-2022-48064 was published Aug 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database