Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

395 advisories

Loading
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs... High Unreviewed
CVE-2023-24536 was published Apr 6, 2023
GraphQL Java vulnerable to stack consumption High
CVE-2023-28867 was published for com.graphql-java:graphql-java (Maven) Mar 27, 2023
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb High
CVE-2023-28119 was published for github.com/crewjam/saml (Go) Mar 22, 2023
nszetei
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple... High Unreviewed
CVE-2022-42333 was published Mar 21, 2023
DDOS attack on graphql endpoints High
CVE-2023-28104 was published for silverstripe/graphql (Composer) Mar 16, 2023
GuySartorelli
Denial of service in Jenkins Core High
CVE-2023-27901 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Rack has possible DoS Vulnerability in Multipart MIME parsing High
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023
A denial of service is possible from excessive resource consumption in net/http and mime... High Unreviewed
CVE-2022-41725 was published Feb 28, 2023
notation-go has excessive memory allocation on verification High
CVE-2023-25656 was published for github.com/notaryproject/notation-go (Go) Feb 22, 2023
AdamKorcz shizhMSFT
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method... High Unreviewed
CVE-2022-31394 was published Feb 21, 2023
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification... High Unreviewed
CVE-2023-26249 was published Feb 21, 2023
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
mosaa404
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
das7pad
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
Denial of service due to unlimited number of parts High
CVE-2023-25576 was published for @fastify/multipart (npm) Feb 14, 2023
das7pad
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non... High Unreviewed
CVE-2022-40513 was published Feb 12, 2023
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via... High Unreviewed
CVE-2023-25193 was published Feb 4, 2023
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x... High Unreviewed
CVE-2023-22323 was published Feb 1, 2023
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4... High Unreviewed
CVE-2023-23846 was published Feb 1, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions... High Unreviewed
CVE-2022-20489 was published Jan 26, 2023
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist... High Unreviewed
CVE-2022-20490 was published Jan 26, 2023
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions... High Unreviewed
CVE-2022-20456 was published Jan 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions... High Unreviewed
CVE-2022-20492 was published Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API