GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

746 advisories

XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
python-multipart vulnerable to Content-Type Header ReDoS High
CVE-2024-24762 was published for fastapi (pip) Feb 12, 2024
nicecatch2000 Kludex
Denial of Service in Connect2id Nimbus JOSE+JWT Moderate
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Mattermost vulnerable to denial of service via large number of emoji reactions Moderate
CVE-2024-1402 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
c0rydoras
Liferay Portal denial of service (memory consumption) Moderate
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw garyd203 levpachmanov
Duplicate Advisory: Starlette Content-Type Header ReDoS High
GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 withdrawn
tiangolo nicecatch2000
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
bgeesaman joshlarsen IanColdwater mauilion raesene cpuguy83 neersighted
Denial of service in HashiCorp Consul High
CVE-2020-25201 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion High
CVE-2020-15114 was published for go.etcd.io/etcd (Go) Jan 31, 2024
CRI-O's pods can break out of resource confinement on cgroupv2 Moderate
CVE-2023-6476 was published for github.com/cri-o/cri-o (Go) Jan 10, 2024
Tal-or
quic-go's path validation mechanism can be exploited to cause denial of service Moderate
CVE-2023-49295 was published for github.com/quic-go/quic-go (Go) Jan 10, 2024
marten-seemann
Microsoft ASP.NET Core project templates vulnerable to denial of service Moderate
CVE-2024-21319 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
aried3r
XWiki vulnerable to Denial of Service attack through attachments High
CVE-2024-21651 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jan 8, 2024
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
GHSA-4553-hq82-8654 was published for encoded_id-rails (RubyGems) Jan 4, 2024 withdrawn
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value Moderate
CVE-2023-6681 was published for jwcrypto (pip) Dec 28, 2023
Grails data binding causes JVM crash and/or other denial of service Moderate
CVE-2023-46131 was published for org.grails:grails-databinding (Maven) Dec 20, 2023
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023
Apache Superset uncontrolled resource consumption Moderate
CVE-2023-46104 was published for apache-superset (pip) Dec 19, 2023
Grackle has StackOverflowError in GraphQL query processing High
CVE-2023-50730 was published for edu.gemini:gsp-graphql-core_2.13 (Maven) Dec 18, 2023
Sentry's Astro SDK vulnerable to ReDoS High
CVE-2023-50249 was published for @sentry/astro (npm) Dec 18, 2023
Unbounded queuing of path validation messages in cloudflare-quiche Moderate
CVE-2023-6193 was published for quiche (Rust) Dec 13, 2023
LPardue marten-seemann
DOS by abusing `fetchOptions.retry`. High
CVE-2023-49800 was published for nuxt-api-party (npm) Dec 11, 2023
OhB00