Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,262
NuGet
760
pip
4,058
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,313 advisories

Loading
zlib-rs stack overflow during decompression with malicious input Moderate
GHSA-j3px-q95c-9683 was published for libz-rs-sys (Rust) Nov 14, 2024
inahga
Credited to inahga
Missing ratelimit on passwrod resets in zenml Moderate
CVE-2024-4311 was published for zenml (pip) Nov 14, 2024
In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page,... High Unreviewed
CVE-2024-3760 was published Nov 14, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk SuperMaxine
MikuroXina
Credited to mariancorneci-snyk, SuperMaxine, and MikuroXina
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash)... High Unreviewed
CVE-2019-25220 was published Nov 18, 2024
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service ... Moderate Unreviewed
CVE-2024-52918 was published Nov 18, 2024
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop)... High Unreviewed
CVE-2024-52920 was published Nov 18, 2024
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory... High Unreviewed
CVE-2024-52915 was published Nov 18, 2024
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis... Moderate Unreviewed
CVE-2024-52917 was published Nov 18, 2024
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific... Moderate Unreviewed
CVE-2024-52913 was published Nov 18, 2024
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood... High Unreviewed
CVE-2024-52916 was published Nov 18, 2024
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a... High Unreviewed
CVE-2024-52914 was published Nov 18, 2024
Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the... High Unreviewed
CVE-2021-1285 was published Nov 18, 2024
In the Linux kernel, the following vulnerability has been resolved: signal: restore the... Moderate Unreviewed
CVE-2024-50271 was published Nov 19, 2024
In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding... Moderate Unreviewed
CVE-2024-50285 was published Nov 19, 2024
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper... Moderate Unreviewed
CVE-2018-9412 was published Nov 20, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers Low
CVE-2024-52796 was published for pwpush (RubyGems) Nov 20, 2024
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows... High Unreviewed
CVE-2024-48530 was published Nov 20, 2024
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
Credited to defnull
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
westonsteimel
Credited to westonsteimel
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
Credited to kexinoh
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is... Moderate Unreviewed
CVE-2024-41761 was published Nov 23, 2024
rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via... High Unreviewed
CVE-2024-31669 was published Dec 2, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
Credited to Startr4ck, defnull, and mnqazi
Synapse denial of service through media disk space consumption High
CVE-2024-37302 was published for matrix-synapse (pip) Dec 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database