Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,643
Maven
5,000+
npm
4,269
NuGet
760
pip
4,062
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,315 advisories

Loading
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
Credited to scgajge12, derrickmehaffy, innerdvations, and alexandrebodin
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed... High Unreviewed
CVE-2023-38039 was published Sep 15, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111),... High Unreviewed
CVE-2022-47562 was published Sep 20, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input High
CVE-2023-37279 was published for github.com/contribsys/faktory (Go) Sep 20, 2023
Malayke
Credited to Malayke
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port... Critical Unreviewed
CVE-2023-43632 was published Sep 21, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times Moderate
CVE-2023-42457 was published for plone.rest (pip) Sep 21, 2023
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact High
CVE-2023-43642 was published for org.xerial.snappy:snappy-java (Maven) Sep 25, 2023
mkcops janjwerner-confluent
flabbergastedbd
Credited to mkcops, janjwerner-confluent, and flabbergastedbd
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series... High Unreviewed
CVE-2023-20033 was published Sep 27, 2023
Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2023-5289 was published for rdiffweb (pip) Sep 29, 2023
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that... Moderate Unreviewed
CVE-2023-0809 was published Oct 2, 2023
Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common... High Unreviewed
CVE-2023-3967 was published Oct 3, 2023
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate... Moderate Unreviewed
CVE-2023-3153 was published Oct 4, 2023
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of... Moderate Unreviewed
CVE-2023-5371 was published Oct 4, 2023
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1... High Unreviewed
CVE-2023-45371 was published Oct 9, 2023
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing... High Unreviewed
CVE-2023-5330 was published Oct 9, 2023
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server,... High Unreviewed
CVE-2023-40542 was published Oct 10, 2023
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal Moderate
CVE-2023-25822 was published for com.epam.reportportal:service-api (Maven) Oct 10, 2023
matrix-synapse vulnerable to denial of service due to malicious server ACL events Moderate
CVE-2023-45129 was published for matrix-synapse (pip) Oct 10, 2023
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
Duplicate Advisory: Denial of Service in JSON-Java High
GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) Oct 12, 2023 withdrawn
Astralidea
Credited to Astralidea
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos... High Unreviewed
CVE-2023-44191 was published Oct 13, 2023
Allocation of Resources Without Limits or Throttling in vriteio/vrite Moderate
CVE-2023-5573 was published for @vrite/sdk (npm) Oct 13, 2023
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in... High Unreviewed
CVE-2023-45862 was published Oct 14, 2023
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics High
CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) Oct 16, 2023
programmer04 MadVikingGod
arminru pellared
Credited to programmer04, MadVikingGod, arminru, and pellared
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request... Moderate Unreviewed
CVE-2023-45802 was published Oct 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database