Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

745 advisories

encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
CVE-2024-0241 was published for encoded_id-rails (RubyGems) Oct 24, 2023
RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack Moderate
CVE-2023-46120 was published for com.rabbitmq:amqp-client (Maven) Oct 24, 2023
LianKee
OpenFGA DoS vulnerability High
CVE-2023-45810 was published for github.com/openfga/openfga (Go) Oct 18, 2023
KlausVii
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023
OpenSearch uncontrolled resource consumption High
GHSA-8wx3-324g-w4qq was published for org.opensearch.plugin:opensearch-security (Maven) Oct 17, 2023
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries High
CVE-2023-40180 was published for silverstripe/graphql (Composer) Oct 17, 2023
Traefik vulnerable to HTTP/2 request causing denial of service Moderate
GHSA-7v4p-328v-8v5g was published for github.com/traefik/traefik (Go) Oct 17, 2023
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
MsQuic Remote Denial of Service Vulnerability High
CVE-2023-36435 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack High
GHSA-xpw8-rcwv-8f8p was published for io.netty:netty-codec-http2 (Maven) Oct 10, 2023
DuyTran-TomTom
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel High
CVE-2023-38171 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset High
GHSA-vx74-f528-fxqg was published for github.com/nghttp2/nghttp2 (Go) Oct 10, 2023
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics High
CVE-2023-43810 was published for opentelemetry-instrumentation (pip) Oct 2, 2023
programmer04
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-5196 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Chaijs/get-func-name vulnerable to ReDoS High
CVE-2023-43646 was published for get-func-name (npm) Sep 27, 2023
GAP-dev keithamus
Undertow vulnerable to denial of service High
CVE-2023-3223 was published for io.undertow:undertow-parent (Maven) Sep 27, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times High
CVE-2023-42457 was published for plone.rest (pip) Sep 21, 2023
Tungstenite allows remote attackers to cause a denial of service High
CVE-2023-43669 was published for tungstenite (Rust) Sep 21, 2023
bayandin tsal
graphql Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-26144 was published for graphql (npm) Sep 20, 2023
Apache Commons Compress denial of service vulnerability Moderate
CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) Sep 14, 2023
sidekiq Denial of Service vulnerability Moderate
CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023
wwahammy kflavin
martingregoire
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Moderate
CVE-2023-36799 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Sep 12, 2023
Argo CD repo-server Denial of Service vulnerability Moderate
CVE-2023-40584 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
amit-laish
ProTip! Advisories are also available from the GraphQL API