GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
411 advisories
Filter by severity
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
Denial of service due to unlimited number of parts
High
CVE-2023-25576
was published
for
@fastify/multipart
(npm)
Feb 14, 2023
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
High
CVE-2023-23631
was published
for
github.com/ipfs/go-unixfsnode
(Go)
Feb 10, 2023
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics
High
CVE-2023-25151
was published
for
go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego
(Go)
Feb 8, 2023
Switcher Client contains Regular Expression Denial of Service (ReDoS)
High
CVE-2023-23925
was published
for
switcher-client
(npm)
Feb 2, 2023
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
ReDoS Vulnerability in ua-parser-js version
High
CVE-2022-25927
was published
for
ua-parser-js
(npm)
Jan 24, 2023
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
High
CVE-2022-44566
was published
for
activerecord
(RubyGems)
Jan 18, 2023
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
MooTools Regular Expression Denial of Service
High
CVE-2021-32821
was published
for
mootools
(npm)
Jan 3, 2023
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
High
CVE-2020-36562
was published
for
github.com/shiyanhui/dht
(Go)
Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption
High
CVE-2019-25072
was published
for
github.com/tendermint/tendermint
(Go)
Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory
High
CVE-2022-3064
was published
for
gopkg.in/yaml.v2
(Go)
Dec 28, 2022
usememos/memos Denial of Service vulnerability
High
CVE-2022-4767
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
lite-server vulnerable to Denial of Service
High
CVE-2022-25940
was published
for
lite-server
(Maven)
Dec 20, 2022
HuTool vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-4565
was published
for
cn.hutool:hutool-core
(Maven)
Dec 16, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-3509
was published
for
com.google.protobuf:protobuf-java
(Maven)
Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-3510
was published
for
com.google.protobuf:protobuf-java
(Maven)
Dec 12, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23487
was published
for
libp2p
(npm)
Dec 7, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23492
was published
for
github.com/libp2p/go-libp2p
(Go)
Dec 7, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23486
was published
for
libp2p
(Rust)
Dec 7, 2022
Creation of new database tables through login form on PostgreSQL
High
CVE-2022-41932
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 21, 2022
Free5gc vulnerable to uncontrolled resource consumption
High
CVE-2022-38871
was published
for
github.com/free5gc/free5gc
(Go)
Nov 19, 2022
ProTip!
Advisories are also available from the
GraphQL API