GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Moderate
CVE-2024-28102
was published
for
jwcrypto
(pip)
Mar 6, 2024
Mattermost fails to limit the number of role names
Moderate
CVE-2024-1953
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Liferay Portal vulnerable to Denial of Service
Moderate
CVE-2024-26265
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 20, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Moderate
CVE-2024-24752
was published
for
bref/bref
(Composer)
Feb 1, 2024
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
OpenFGA denial of service
Moderate
CVE-2024-23820
was published
for
github.com/openfga/openfga
(Go)
Jan 26, 2024
CRI-O's pods can break out of resource confinement on cgroupv2
Moderate
CVE-2023-6476
was published
for
github.com/cri-o/cri-o
(Go)
Jan 10, 2024
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability
Moderate
CVE-2023-42504
was published
for
apache-superset
(pip)
Nov 28, 2023
LibreNMS vulnerable to rate limiting bypass on login page
Moderate
CVE-2023-46745
was published
for
librenms/librenms
(Composer)
Nov 17, 2023
Allocation of Resources Without Limits or Throttling in vriteio/vrite
Moderate
CVE-2023-5573
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Moderate
CVE-2023-45129
was published
for
matrix-synapse
(pip)
Oct 10, 2023
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Moderate
CVE-2023-25822
was published
for
com.epam.reportportal:service-api
(Maven)
Oct 10, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times
Moderate
CVE-2023-42457
was published
for
plone.rest
(pip)
Sep 21, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling
Moderate
CVE-2023-4138
was published
for
rdiffweb
(pip)
Aug 3, 2023
Golang TIFF decoder does not place a limit on the size of compressed tile data
Moderate
CVE-2023-29408
was published
for
golang.org/x/image
(Go)
Aug 2, 2023
Denial of service from unlimited password lengths
Moderate
CVE-2023-38492
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
Wallabag vulnerable to Allocation of Resources Without Limits or Throttling
Moderate
CVE-2023-3566
was published
for
wallabag/wallabag
(Composer)
Jul 10, 2023
CometBFT PeerState JSON serialization deadlock
Moderate
CVE-2023-34450
was published
for
github.com/cometbft/cometbft
(Go)
Jul 5, 2023
netty-handler SniHandler 16MB allocation
Moderate
CVE-2023-34462
was published
for
io.netty:netty-handler
(Maven)
Jun 20, 2023
Apache Struts vulnerable to memory exhaustion
Moderate
CVE-2023-34149
was published
for
org.apache.struts:struts2-core
(Maven)
Jun 14, 2023
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
Moderate
CVE-2023-2666
was published
for
froxlor/froxlor
(Composer)
May 19, 2023
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Moderate
GHSA-qvqg-6rp8-4p9h
was published
for
github.com/ipfs/kubo
(Go)
May 11, 2023
ProTip!
Advisories are also available from the
GraphQL API