GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,109 advisories
Filter by severity
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to...
Moderate
Unreviewed
CVE-2024-30218
was published
Apr 9, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate
CVE-2024-28949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
net/http, x/net/http2: close connections when receiving too many headers
Moderate
CVE-2023-45288
was published
for
golang.org/x/net
(Go)
Apr 4, 2024
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to...
Unknown
Unreviewed
CVE-2024-27316
was published
Apr 4, 2024
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is vulnerable to a denial of...
Moderate
Unreviewed
CVE-2024-27268
was published
Apr 4, 2024
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Moderate
CVE-2024-31209
was published
for
oidcc
(Erlang)
Apr 3, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of...
Moderate
Unreviewed
CVE-2024-22353
was published
Mar 31, 2024
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-29893
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 29, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions...
Moderate
Unreviewed
CVE-2024-2818
was published
Mar 28, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to...
High
Unreviewed
CVE-2023-47150
was published
Mar 26, 2024
Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04...
Moderate
Unreviewed
CVE-2023-29153
was published
Mar 22, 2024
XNIO denial of service vulnerability
High
CVE-2023-5685
was published
for
org.jboss.xnio:xnio-api
(Maven)
Mar 22, 2024
Slow String Operations via MultiPart Requests in Event-Driven Functions
Moderate
CVE-2024-29186
was published
for
bref/bref
(Composer)
Mar 22, 2024
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
CVE-2024-28863
was published
for
node-tar
(npm)
Mar 22, 2024
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects...
Unknown
Unreviewed
CVE-2023-49837
was published
Mar 21, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
erlang-jose vulnerable to denial of service via large p2c value
Moderate
CVE-2023-50966
was published
for
jose
(Erlang)
Mar 19, 2024
tls-listener affected by the slow loris vulnerability with default configuration
High
CVE-2024-28854
was published
for
tls-listener
(Rust)
Mar 15, 2024
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before...
Moderate
Unreviewed
CVE-2024-2446
was published
Mar 15, 2024
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of...
Low
Unreviewed
CVE-2024-28053
was published
Mar 15, 2024
Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the...
Low
Unreviewed
CVE-2024-24975
was published
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API