GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
395 advisories
Filter by severity
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs...
High
Unreviewed
CVE-2023-24536
was published
Apr 6, 2023
GraphQL Java vulnerable to stack consumption
High
CVE-2023-28867
was published
for
com.graphql-java:graphql-java
(Maven)
Mar 27, 2023
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
High
CVE-2023-28119
was published
for
github.com/crewjam/saml
(Go)
Mar 22, 2023
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple...
High
Unreviewed
CVE-2022-42333
was published
Mar 21, 2023
DDOS attack on graphql endpoints
High
CVE-2023-28104
was published
for
silverstripe/graphql
(Composer)
Mar 16, 2023
Denial of service in Jenkins Core
High
CVE-2023-27901
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
A denial of service is possible from excessive resource consumption in net/http and mime...
High
Unreviewed
CVE-2022-41725
was published
Feb 28, 2023
notation-go has excessive memory allocation on verification
High
CVE-2023-25656
was published
for
github.com/notaryproject/notation-go
(Go)
Feb 22, 2023
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method...
High
Unreviewed
CVE-2022-31394
was published
Feb 21, 2023
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification...
High
Unreviewed
CVE-2023-26249
was published
Feb 21, 2023
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Denial of service vulnerability on Password reset page
High
CVE-2023-25171
was published
for
kiwitcms
(pip)
Feb 15, 2023
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
Denial of service due to unlimited number of parts
High
CVE-2023-25576
was published
for
@fastify/multipart
(npm)
Feb 14, 2023
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non...
High
Unreviewed
CVE-2022-40513
was published
Feb 12, 2023
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via...
High
Unreviewed
CVE-2023-25193
was published
Feb 4, 2023
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x...
High
Unreviewed
CVE-2023-22323
was published
Feb 1, 2023
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4...
High
Unreviewed
CVE-2023-23846
was published
Feb 1, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions...
High
Unreviewed
CVE-2022-20489
was published
Jan 26, 2023
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist...
High
Unreviewed
CVE-2022-20490
was published
Jan 26, 2023
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions...
High
Unreviewed
CVE-2022-20456
was published
Jan 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions...
High
Unreviewed
CVE-2022-20492
was published
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API