GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
223 advisories
Filter by severity
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
High
CVE-2023-45142
was published
for
go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful
(Go)
Oct 16, 2023
Allocation of Resources Without Limits or Throttling in vriteio/vrite
Moderate
CVE-2023-5573
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Duplicate Advisory: Denial of Service in JSON-Java
High
GHSA-rm7j-f5g5-27vv
was published
for
org.json:json
(Maven)
Oct 12, 2023
•
withdrawn
HTTP/2 rapid reset can cause excessive work in net/http
High
CVE-2023-39325
was published
for
golang.org/x/net
(Go)
Oct 11, 2023
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Moderate
CVE-2023-45129
was published
for
matrix-synapse
(pip)
Oct 10, 2023
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Moderate
CVE-2023-25822
was published
for
com.epam.reportportal:service-api
(Maven)
Oct 10, 2023
Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2023-5289
was published
for
rdiffweb
(pip)
Sep 29, 2023
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
High
CVE-2023-43642
was published
for
org.xerial.snappy:snappy-java
(Maven)
Sep 25, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times
High
CVE-2023-42457
was published
for
plone.rest
(pip)
Sep 21, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
High
CVE-2023-37279
was published
for
github.com/contribsys/faktory
(Go)
Sep 20, 2023
Strapi Improper Rate Limiting vulnerability
High
CVE-2023-38507
was published
for
@strapi/admin
(npm)
Sep 13, 2023
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
High
CVE-2023-32186
was published
for
github.com/rancher/rke2
(Go)
Sep 11, 2023
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
High
CVE-2023-32187
was published
for
github.com/k3s-io/k3s
(Go)
Sep 11, 2023
FaucetSDN Ryu Denial of Service Vulnerability
High
CVE-2020-35139
was published
for
ryu
(pip)
Aug 11, 2023
FaucetSDN Ryu Denial of Service Vulnerability
High
CVE-2020-35141
was published
for
ryu
(pip)
Aug 11, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
libp2p nodes vulnerable to attack using large RSA keys
High
CVE-2023-39533
was published
for
github.com/libp2p/go-libp2p
(Go)
Aug 9, 2023
RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling
Moderate
CVE-2023-4138
was published
for
rdiffweb
(pip)
Aug 3, 2023
Golang TIFF decoder does not place a limit on the size of compressed tile data
Moderate
CVE-2023-29408
was published
for
golang.org/x/image
(Go)
Aug 2, 2023
Denial of service from unlimited password lengths
Moderate
CVE-2023-38492
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
Wallabag vulnerable to Allocation of Resources Without Limits or Throttling
Moderate
CVE-2023-3566
was published
for
wallabag/wallabag
(Composer)
Jul 10, 2023
Products.CMFCore unauthenticated denial of service and crash via unchecked use of input with Python's marshal module
High
CVE-2023-36814
was published
for
Products.CMFCore
(pip)
Jul 5, 2023
CometBFT PeerState JSON serialization deadlock
Moderate
CVE-2023-34450
was published
for
github.com/cometbft/cometbft
(Go)
Jul 5, 2023
netty-handler SniHandler 16MB allocation
Moderate
CVE-2023-34462
was published
for
io.netty:netty-handler
(Maven)
Jun 20, 2023
ProTip!
Advisories are also available from the
GraphQL API