GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Potential memory exhaustion attack due to sparse slice deserialization
High
CVE-2024-37298
was published
for
github.com/gorilla/schema
(Go)
Jul 1, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
Memory exhaustion in HashiCorp Vault
High
CVE-2023-6337
was published
for
github.com/hashicorp/vault
(Go)
Dec 9, 2023
Traefik docker container using 100% CPU
High
CVE-2023-47633
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High
CVE-2023-47025
was published
for
github.com/free5gc/free5gc
(Go)
Nov 17, 2023
otelgrpc DoS vulnerability due to unbound cardinality metrics
High
CVE-2023-47108
was published
for
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
(Go)
Nov 12, 2023
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
High
CVE-2023-45142
was published
for
go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful
(Go)
Oct 16, 2023
HTTP/2 rapid reset can cause excessive work in net/http
High
CVE-2023-39325
was published
for
golang.org/x/net
(Go)
Oct 11, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
High
CVE-2023-37279
was published
for
github.com/contribsys/faktory
(Go)
Sep 20, 2023
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
High
CVE-2023-32186
was published
for
github.com/rancher/rke2
(Go)
Sep 11, 2023
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
High
CVE-2023-32187
was published
for
github.com/k3s-io/k3s
(Go)
Sep 11, 2023
libp2p nodes vulnerable to attack using large RSA keys
High
CVE-2023-39533
was published
for
github.com/libp2p/go-libp2p
(Go)
Aug 9, 2023
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
High
GHSA-q3j6-22wf-3jh9
was published
for
github.com/ipfs/go-bitswap
(Go)
May 11, 2023
distribution catalog API endpoint can lead to OOM via malicious user input
High
CVE-2023-2253
was published
for
github.com/docker/distribution
(Go)
May 11, 2023
Boxo bitswap/server: DOS unbounded persistent memory leak
High
CVE-2023-25568
was published
for
github.com/ipfs/go-libipfs
(Go)
May 11, 2023
Rekor's compressed archives can result in OOM conditions
High
CVE-2023-30551
was published
for
github.com/sigstore/rekor
(Go)
May 3, 2023
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
High
CVE-2023-28119
was published
for
github.com/crewjam/saml
(Go)
Mar 22, 2023
notation-go has excessive memory allocation on verification
High
CVE-2023-25656
was published
for
github.com/notaryproject/notation-go
(Go)
Feb 22, 2023
Helm Controller denial of service
High
CVE-2022-36049
was published
for
github.com/fluxcd/flux2
(Go)
Sep 16, 2022
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
High
CVE-2022-1708
was published
for
github.com/cri-o/cri-o
(Go)
Jun 6, 2022
Golang Facebook Thrift servers vulnerable to denial of service
High
CVE-2019-11939
was published
for
github.com/facebook/fbthrift
(Go)
May 24, 2022
golang.org/x/net/http vulnerable to a reset flood
High
CVE-2019-9514
was published
for
golang.org/x/net
(Go)
May 24, 2022
Docker Registry has Allocation of Resources Without Limits or Throttling
High
CVE-2017-11468
was published
for
github.com/docker/distribution
(Go)
May 13, 2022
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
High
CVE-2022-24685
was published
for
github.com/hashicorp/nomad
(Go)
Mar 1, 2022
Allocation of Resources Without Limits or Throttling in Hashicorp Consul
High
CVE-2020-13250
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API