Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

796 advisories

Loading
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate
CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024
HRsGIT
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks Low
CVE-2024-6762 was published for org.eclipse.jetty:jetty-servlets (Maven) Oct 14, 2024
Eclipse Jetty has a denial of service vulnerability on DosFilter Moderate
CVE-2024-9823 was published for org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) Oct 14, 2024
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters Moderate
CVE-2024-45230 was published for Django (pip) Oct 8, 2024
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events Moderate
CVE-2024-47003 was published for github.com/mattermost/mattermost/server/v8 (Go) Sep 26, 2024
c0rydoras
Denial of service in rocket chat message parser Moderate
CVE-2024-46935 was published for @rocket.chat/message-parser (npm) Sep 25, 2024
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
vLLM Denial of Service via the best_of parameter Moderate
CVE-2024-8939 was published for vllm (pip) Sep 17, 2024
Missing connection timeout in Aardvark-dns High
CVE-2024-8418 was published for aardvark-dns (Rust) Sep 4, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm Moderate
GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) Aug 27, 2024
Flowise Unauthenticated Denial of Service (DoS) vulnerability High
CVE-2024-8182 was published for flowise (npm) Aug 27, 2024
Mattermost Plugin Channel Export excessive resource consumption Moderate
CVE-2024-43105 was published for github.com/mattermost/mattermost-plugin-channel-export (Go) Aug 23, 2024
c0rydoras
fugit parse and parse_nat stall on lengthy input Moderate
CVE-2024-43380 was published for fugit (RubyGems) Aug 19, 2024
personnumber3377 bensheldon
Stack overflow when parsing specially crafted JSON ABI strings Moderate
GHSA-8327-84cj-8xjm was published for alloy-json-abi (Rust) Aug 15, 2024
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability High
CVE-2024-38168 was published for Microsoft.AspNetCore.App.Runtime.win-arm (NuGet) Aug 13, 2024
CosmWasm wasmd has large address count in ValidateBasic Low
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
Podman vulnerable to memory-based denial of service High
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
fast-xml-parser vulnerable to ReDOS at currency parsing High
CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024
Gauss-Security amitguptagwl
iamvolvo aaron-belenky
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek crenshaw-dev
pasha-codefresh
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources Moderate
GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov amita-seal
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database