Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,109 advisories

The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to... Moderate Unreviewed
CVE-2024-30218 was published Apr 9, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood Moderate
GHSA-q6cp-qfwq-4gcv was published for h2 (Rust) Apr 5, 2024
Mattermost Server doesn't limit the number of user preferences Moderate
CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
net/http, x/net/http2: close connections when receiving too many headers Moderate
CVE-2023-45288 was published for golang.org/x/net (Go) Apr 4, 2024
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to... Unknown Unreviewed
CVE-2024-27316 was published Apr 4, 2024
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is vulnerable to a denial of... Moderate Unreviewed
CVE-2024-27268 was published Apr 4, 2024
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location Moderate
CVE-2024-31209 was published for oidcc (Erlang) Apr 3, 2024
mohamedalikhechine robertfiko
maennchen paulswartz SAFE-Erlang-Elixir
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024
marten-seemann
Eclipse Vert.x vulnerable to a memory leak in TCP servers Moderate
CVE-2024-1300 was published for io.vertx:vertx-core (Maven) Apr 2, 2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of... Moderate Unreviewed
CVE-2024-22353 was published Mar 31, 2024
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-29893 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 29, 2024
jake-ciolek
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions... Moderate Unreviewed
CVE-2024-2818 was published Mar 28, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-23450 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to... High Unreviewed
CVE-2023-47150 was published Mar 26, 2024
Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04... Moderate Unreviewed
CVE-2023-29153 was published Mar 22, 2024
XNIO denial of service vulnerability High
CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024
grosario1
Slow String Operations via MultiPart Requests in Event-Driven Functions Moderate
CVE-2024-29186 was published for bref/bref (Composer) Mar 22, 2024
smaury mnapoli
rcambien GrahamCampbell
Denial of service while parsing a tar file due to lack of folders count validation Moderate
CVE-2024-28863 was published for node-tar (npm) Mar 22, 2024
DEMON1A AlmogApiiro
ebickle
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects... Unknown Unreviewed
CVE-2023-49837 was published Mar 21, 2024
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
erlang-jose vulnerable to denial of service via large p2c value Moderate
CVE-2023-50966 was published for jose (Erlang) Mar 19, 2024
maennchen
tls-listener affected by the slow loris vulnerability with default configuration High
CVE-2024-28854 was published for tls-listener (Rust) Mar 15, 2024
conradludgate
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before... Moderate Unreviewed
CVE-2024-2446 was published Mar 15, 2024
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of... Low Unreviewed
CVE-2024-28053 was published Mar 15, 2024
Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the... Low Unreviewed
CVE-2024-24975 was published Mar 15, 2024
ProTip! Advisories are also available from the GraphQL API