GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Advisory counts by ecosystem:

| Category | Ecosystem | Advisories |
|---|---|---|
| GitHub reviewed | All reviewed | 5,000+ |
| GitHub reviewed | Composer | 3,980 |
| GitHub reviewed | Erlang | 29 |
| GitHub reviewed | GitHub Actions | 16 |
| GitHub reviewed | Go | 1,769 |
| GitHub reviewed | Maven | 4,994 |
| GitHub reviewed | npm | 3,540 |
| GitHub reviewed | NuGet | 616 |
| GitHub reviewed | pip | 3,113 |
| GitHub reviewed | Pub | 10 |
| GitHub reviewed | RubyGems | 838 |
| GitHub reviewed | Rust | 787 |
| GitHub reviewed | Swift | 34 |
| Unreviewed | All unreviewed | 5,000+ |
299 advisories
| Advisory | Severity | Identifier | Package (Ecosystem) | Published |
|---|---|---|---|---|
| Esoteric YamlBeans XML Entity Expansion vulnerability | Moderate | CVE-2023-24620 | com.esotericsoftware.yamlbeans:yamlbeans (Maven) | Aug 25, 2023 |
| SUCHMOKUO node-worker-threads-pool denial of service Vulnerability | Moderate | CVE-2021-29057 | node-worker-threads-pool (npm) | Aug 11, 2023 |
| Withdrawn: scipy memory leak vulnerability | Moderate | CVE-2023-25399 | scipy (pip) | Jul 5, 2023 (withdrawn) |
| Apache Any23 vulnerable to excessive memory usage | Moderate | CVE-2023-34150 | org.apache.any23:apache-any23 (Maven) | Jul 5, 2023 |
| FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption | Moderate | CVE-2023-35925 | com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) | Jun 22, 2023 |
| netty-handler SniHandler 16MB allocation | Moderate | CVE-2023-34462 | io.netty:netty-handler (Maven) | Jun 20, 2023 |
| Vapor's Metrics integration could cause a system drain | Moderate | CVE-2021-21328 | github.com/vapor/vapor (Swift) | Jun 9, 2023 |
| Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack | Moderate | CVE-2023-33958 | github.com/notaryproject/notation (Go) | Jun 6, 2023 |
| Notation vulnerable to denial of service from high number of artifact signatures | Moderate | CVE-2023-33957 | github.com/notaryproject/notation (Go) | Jun 6, 2023 |
| PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket' | Moderate | GHSA-42qm-8v8m-m78c | pocketmine/pocketmine-mp (Composer) | Jun 1, 2023 |
| Synapse Denial of service due to incorrect application of event authorization rules during state resolution | Moderate | CVE-2022-39374 | matrix-synapse (pip) | May 24, 2023 |
| ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits | Moderate | CVE-2023-26044 | react/http (Composer) | May 17, 2023 |
| github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak | Moderate | GHSA-qvqg-6rp8-4p9h | github.com/ipfs/kubo (Go) | May 11, 2023 |
| OutOfMemoryError for large multipart without filename in Eclipse Jetty | Moderate | CVE-2023-26048 | org.eclipse.jetty:jetty-server (Maven) | Apr 19, 2023 |
| Directus API vulnerable to denial of service | Moderate | CVE-2020-19850 | directus (npm) | Apr 4, 2023 |
| Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files | Moderate | CVE-2023-28837 | wagtail (pip) | Apr 3, 2023 |
| unpoly-rails Denial of Service vulnerability | Moderate | CVE-2023-28846 | unpoly-rails (RubyGems) | Mar 30, 2023 |
| Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) | Moderate | CVE-2023-28626 | comrak (Rust) | Mar 28, 2023 |
| fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime | Moderate | CVE-2023-27483 | github.com/crossplane/crossplane-runtime (Go) | Mar 13, 2023 |
| Crossplane-runtime contains Improper Input Validation via Compositions | Moderate | CVE-2023-27484 | github.com/crossplane/crossplane (Go) | Mar 10, 2023 |
| openstack-neutron uncontrolled resource consumption flaw | Moderate | CVE-2022-3277 | neutron (pip) | Mar 7, 2023 |
| XWiki Platform subject to Uncontrolled Resource Consumption | Moderate | CVE-2023-26470 | org.xwiki.platform:xwiki-platform-oldcore (Maven) | Mar 3, 2023 |
| Uncontrolled Resource Consumption in golang.org/x/image | Moderate | CVE-2022-41727 | golang.org/x/image (Go) | Feb 17, 2023 |
| Uncontrolled Resource Consumption in Hashicorp Nomad | Moderate | CVE-2023-0821 | github.com/hashicorp/nomad (Go) | Feb 17, 2023 |