GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
746 advisories
Filter by severity
Candid infinite decoding loop through specially crafted payload
High
CVE-2023-6245
was published
for
candid
(Rust)
Dec 8, 2023
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low
GHSA-v7hc-87jc-qrrr
was published
for
knative.dev/eventing-github
(Go)
Dec 6, 2023
tokio-boring vulnerable to resource exhaustion via memory leak
Moderate
CVE-2023-6180
was published
for
tokio-boring
(Rust)
Dec 5, 2023
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Moderate
CVE-2023-49290
was published
for
github.com/lestrrat-go/jwx
(Go)
Dec 5, 2023
Traefik docker container using 100% CPU
High
CVE-2023-47633
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Moderate
CVE-2023-47124
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Moderate
CVE-2023-48713
was published
for
knative.dev/serving
(Go)
Nov 27, 2023
phpseclib vulnerable to denial of service
High
CVE-2023-49316
was published
for
phpseclib/phpseclib
(Composer)
Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-48369
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-40703
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-48268
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Ethereum ABI decoder DoS when parsing ZST
Moderate
GHSA-rqr8-pxh7-cq3g
was published
for
eth-abi
(pip)
Nov 24, 2023
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Moderate
GHSA-2c7c-3mj9-8fqh
was published
for
github.com/go-jose/go-jose/v3
(Go)
Nov 21, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High
CVE-2023-47025
was published
for
github.com/free5gc/free5gc
(Go)
Nov 17, 2023
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Moderate
GHSA-w98g-5fmx-wm4x
was published
for
pocketmine/raklib
(Composer)
Nov 15, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
Calico Typha denial of service vulnerability
High
CVE-2023-41378
was published
for
github.com/projectcalico/calico
(Go)
Nov 6, 2023
Mattermost vulnerable to excessive memory consumption
Moderate
CVE-2023-5969
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
Pillow Denial of Service vulnerability
High
CVE-2023-44271
was published
for
pillow
(pip)
Nov 3, 2023
Django Denial-of-service in django.utils.text.Truncator
Moderate
CVE-2023-43665
was published
for
django
(pip)
Nov 3, 2023
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Moderate
CVE-2023-41164
was published
for
django
(pip)
Nov 3, 2023
Django potential denial of service vulnerability in UsernameField on Windows
High
CVE-2023-46695
was published
for
Django
(pip)
Nov 2, 2023
memory leak flaw was found in ruby-magick
Moderate
CVE-2023-5349
was published
for
rmagick
(RubyGems)
Oct 30, 2023
ProTip!
Advisories are also available from the
GraphQL API