GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
647 advisories
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating...
Moderate | Unreviewed | CVE-2023-29973 was published Oct 25, 2023

OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
High | CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) | Oct 16, 2023

An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in...
High | Unreviewed | CVE-2023-45862 was published Oct 14, 2023

Allocation of Resources Without Limits or Throttling in vriteio/vrite
Moderate | CVE-2023-5573 was published for @vrite/sdk (npm) | Oct 13, 2023

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos...
High | Unreviewed | CVE-2023-44191 was published Oct 13, 2023

Duplicate Advisory: Denial of Service in JSON-Java
High | GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) | Oct 12, 2023 • withdrawn

HTTP/2 rapid reset can cause excessive work in net/http
High | CVE-2023-39325 was published for golang.org/x/net (Go) | Oct 11, 2023

matrix-synapse vulnerable to denial of service due to malicious server ACL events
Moderate | CVE-2023-45129 was published for matrix-synapse (pip) | Oct 10, 2023

Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Moderate | CVE-2023-25822 was published for com.epam.reportportal:service-api (Maven) | Oct 10, 2023

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server,...
High | Unreviewed | CVE-2023-40542 was published Oct 10, 2023

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing...
High | Unreviewed | CVE-2023-5330 was published Oct 9, 2023

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1...
High | Unreviewed | CVE-2023-45371 was published Oct 9, 2023

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of...
Moderate | Unreviewed | CVE-2023-5371 was published Oct 4, 2023

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate...
Moderate | Unreviewed | CVE-2023-3153 was published Oct 4, 2023

Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common...
High | Unreviewed | CVE-2023-3967 was published Oct 3, 2023

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that...
Moderate | Unreviewed | CVE-2023-0809 was published Oct 2, 2023

Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
High | CVE-2023-5289 was published for rdiffweb (pip) | Sep 29, 2023

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series...
High | Unreviewed | CVE-2023-20033 was published Sep 27, 2023

snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
High | CVE-2023-43642 was published for org.xerial.snappy:snappy-java (Maven) | Sep 25, 2023

plone.rest vulnerable to Denial of Service when ++api++ is used many times
High | CVE-2023-42457 was published for plone.rest (pip) | Sep 21, 2023

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port...
Critical | Unreviewed | CVE-2023-43632 was published Sep 21, 2023

Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
High | CVE-2023-37279 was published for github.com/contribsys/faktory (Go) | Sep 20, 2023

** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111),...
High | Unreviewed | CVE-2022-47562 was published Sep 20, 2023

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed...
High | Unreviewed | CVE-2023-38039 was published Sep 15, 2023

Strapi Improper Rate Limiting vulnerability
High | CVE-2023-38507 was published for @strapi/admin (npm) | Sep 13, 2023