GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

3,038 advisories

Mattermost fails to check the length when setting the title in a run checklist in Playbooks,...
Moderate | Unreviewed | CVE-2023-45847 was published Dec 12, 2023

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform...
Low | Unreviewed | CVE-2023-49578 was published Dec 12, 2023

DOS by abusing `fetchOptions.retry`.
High | CVE-2023-49800 was published for nuxt-api-party (npm) Dec 11, 2023

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background...
Low | Unreviewed | CVE-2023-5870 was published Dec 10, 2023

Candid infinite decoding loop through specially crafted payload
High | CVE-2023-6245 was published for candid (Rust) Dec 8, 2023

Under certain circumstances, invalid authentication credentials could be sent to the login...
High | Unreviewed | CVE-2023-4486 was published Dec 7, 2023

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The...
Moderate | Unreviewed | CVE-2023-35909 was published Dec 7, 2023

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers...
High | Unreviewed | CVE-2023-48833 was published Dec 7, 2023

A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to...
High | Unreviewed | CVE-2023-48840 was published Dec 7, 2023

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource...
High | Unreviewed | CVE-2023-48834 was published Dec 7, 2023

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers...
High | Unreviewed | CVE-2023-48831 was published Dec 7, 2023

eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low | GHSA-v7hc-87jc-qrrr was published for knative.dev/eventing-github (Go) Dec 6, 2023

tokio-boring vulnerable to resource exhaustion via memory leak
Moderate | CVE-2023-6180 was published for tokio-boring (Rust) Dec 5, 2023

lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Moderate | CVE-2023-49290 was published for github.com/lestrrat-go/jwx (Go) Dec 5, 2023

Traefik docker container using 100% CPU
High | CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023

Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Moderate | CVE-2023-47124 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource...
High | Unreviewed | CVE-2023-39248 was published Dec 5, 2023

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable...
Moderate | Unreviewed | CVE-2023-40692 was published Dec 4, 2023

A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by...
Moderate | Unreviewed | CVE-2023-5915 was published Dec 1, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3...
Moderate | Unreviewed | CVE-2023-4912 was published Dec 1, 2023

An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to...
High | Unreviewed | CVE-2023-48951 was published Nov 29, 2023

Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Moderate | CVE-2023-48713 was published for knative.dev/serving (Go) Nov 27, 2023

phpseclib vulnerable to denial of service
High | CVE-2023-49316 was published for phpseclib/phpseclib (Composer) Nov 27, 2023

Mattermost Uncontrolled Resource Consumption vulnerability
Moderate | CVE-2023-48369 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for...
Moderate | Unreviewed | CVE-2023-5871 was published Nov 27, 2023