GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23486
was published
for
libp2p
(Rust)
Dec 7, 2022
Creation of new database tables through login form on PostgreSQL
High
CVE-2022-41932
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 21, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
High
CVE-2022-3273
was published
for
rdiffweb
(pip)
Oct 6, 2022
rdiffweb's lack of token name length limit can result in DoS or memory corruption
High
CVE-2022-3371
was published
for
rdiffweb
(pip)
Oct 1, 2022
rdiffweb allows unlimited length of root directory name, which could result in DoS
High
CVE-2022-3295
was published
for
rdiffweb
(pip)
Sep 27, 2022
rdiffweb vulnerable to potential DoS via memory consumption
High
CVE-2022-3298
was published
for
rdiffweb
(pip)
Sep 27, 2022
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
High
CVE-2022-34917
was published
for
org.apache.kafka:kafka
(Maven)
Sep 21, 2022
Helm Controller denial of service
High
CVE-2022-36049
was published
for
github.com/fluxcd/flux2
(Go)
Sep 16, 2022
Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
High
CVE-2022-25897
was published
for
org.eclipse.milo:sdk-server
(Maven)
Sep 15, 2022
axum-core has no default limit put on request bodies
High
CVE-2022-3212
was published
for
axum-core
(Rust)
Sep 15, 2022
Duplicate of GHSA-m77f-652q-wwp4
High
GHSA-2gg5-7c4v-6xx2
was published
for
axum-core
(Rust)
Sep 15, 2022
•
withdrawn
XNIO `notifyReadClosed` method logging message to unexpected end
High
CVE-2022-0084
was published
for
org.jboss.xnio:xnio-all
(Maven)
Aug 27, 2022
Uncontrolled Resource Consumption in asyncua and opcua
High
CVE-2022-25304
was published
for
asyncua
(pip)
Aug 24, 2022
Uncontrolled Resource Consumption in opcua
High
CVE-2022-25888
was published
for
opcua
(Rust)
Aug 24, 2022
node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit
High
CVE-2022-25231
was published
for
node-opcua
(npm)
Aug 24, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
High
CVE-2022-36124
was published
for
apache-avro
(Rust)
Aug 10, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
Denial of Service in Spring Cloud Function
High
CVE-2022-22979
was published
for
org.springframework.cloud:spring-cloud-function-parent
(Maven)
Jun 22, 2022
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
High
CVE-2022-1708
was published
for
github.com/cri-o/cri-o
(Go)
Jun 6, 2022
Golang Facebook Thrift servers vulnerable to denial of service
High
CVE-2019-11939
was published
for
github.com/facebook/fbthrift
(Go)
May 24, 2022
golang.org/x/net/http vulnerable to a reset flood
High
CVE-2019-9514
was published
for
golang.org/x/net
(Go)
May 24, 2022
OpenStack Nova VMWare driver leaks rescued images
High
CVE-2014-2573
was published
for
nova
(pip)
May 17, 2022
Plone is vulnerable to denial of service
High
CVE-2012-5499
was published
for
Plone
(pip)
May 17, 2022
Django database denial-of-service with ModelMultipleChoiceField
High
CVE-2015-0222
was published
for
Django
(pip)
May 17, 2022
OpenStack Glance Denial of service by creating a large number of images
High
CVE-2014-9684
was published
for
glance
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API