Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Potential memory exhaustion attack due to sparse slice deserialization High
CVE-2024-37298 was published for github.com/gorilla/schema (Go) Jul 1, 2024
AlexVasiluta
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024
marten-seemann
Memory exhaustion in HashiCorp Vault High
CVE-2023-6337 was published for github.com/hashicorp/vault (Go) Dec 9, 2023
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
otelgrpc DoS vulnerability due to unbound cardinality metrics High
CVE-2023-47108 was published for go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (Go) Nov 12, 2023
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics High
CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) Oct 16, 2023
programmer04 MadVikingGod
arminru pellared
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input High
CVE-2023-37279 was published for github.com/contribsys/faktory (Go) Sep 20, 2023
Malayke
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32186 was published for github.com/rancher/rke2 (Go) Sep 11, 2023
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32187 was published for github.com/k3s-io/k3s (Go) Sep 11, 2023
libp2p nodes vulnerable to attack using large RSA keys High
CVE-2023-39533 was published for github.com/libp2p/go-libp2p (Go) Aug 9, 2023
marten-seemann
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak High
GHSA-q3j6-22wf-3jh9 was published for github.com/ipfs/go-bitswap (Go) May 11, 2023
Jorropo guseggert
distribution catalog API endpoint can lead to OOM via malicious user input High
CVE-2023-2253 was published for github.com/docker/distribution (Go) May 11, 2023
josegomezr
Boxo bitswap/server: DOS unbounded persistent memory leak High
CVE-2023-25568 was published for github.com/ipfs/go-libipfs (Go) May 11, 2023
Jorropo guseggert
Rekor's compressed archives can result in OOM conditions High
CVE-2023-30551 was published for github.com/sigstore/rekor (Go) May 3, 2023
AdamKorcz DavidKorczynski
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb High
CVE-2023-28119 was published for github.com/crewjam/saml (Go) Mar 22, 2023
nszetei
notation-go has excessive memory allocation on verification High
CVE-2023-25656 was published for github.com/notaryproject/notation-go (Go) Feb 22, 2023
AdamKorcz shizhMSFT
Helm Controller denial of service High
CVE-2022-36049 was published for github.com/fluxcd/flux2 (Go) Sep 16, 2022
pjbgf
Node DOS by way of memory exhaustion through ExecSync request in CRI-O High
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
Golang Facebook Thrift servers vulnerable to denial of service High
CVE-2019-11939 was published for github.com/facebook/fbthrift (Go) May 24, 2022
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
Docker Registry has Allocation of Resources Without Limits or Throttling High
CVE-2017-11468 was published for github.com/docker/distribution (Go) May 13, 2022
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling High
CVE-2022-24685 was published for github.com/hashicorp/nomad (Go) Mar 1, 2022
Allocation of Resources Without Limits or Throttling in Hashicorp Consul High
CVE-2020-13250 was published for github.com/hashicorp/consul (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API