Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

411 advisories

Loading
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
das7pad
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
Resource exhaustion in Django High
CVE-2023-24580 was published for Django (pip) Feb 15, 2023
RamonvdW sunSUNQ
Denial of service due to unlimited number of parts High
CVE-2023-25576 was published for @fastify/multipart (npm) Feb 14, 2023
das7pad
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics High
CVE-2023-23631 was published for github.com/ipfs/go-unixfsnode (Go) Feb 10, 2023
Jorropo
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics High
CVE-2023-25151 was published for go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego (Go) Feb 8, 2023
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
petruki tdunlap607
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter High
CVE-2022-44566 was published for activerecord (RubyGems) Jan 18, 2023
robertoz-01 aviyam181199
G-Rath
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
MooTools Regular Expression Denial of Service High
CVE-2021-32821 was published for mootools (npm) Jan 3, 2023
anonymous4ACL24
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption High
CVE-2020-36562 was published for github.com/shiyanhui/dht (Go) Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption High
CVE-2019-25072 was published for github.com/tendermint/tendermint (Go) Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory High
CVE-2022-3064 was published for gopkg.in/yaml.v2 (Go) Dec 28, 2022
usememos/memos Denial of Service vulnerability High
CVE-2022-4767 was published for github.com/usememos/memos (Go) Dec 27, 2022
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
HuTool vulnerable to Uncontrolled Resource Consumption High
CVE-2022-4565 was published for cn.hutool:hutool-core (Maven) Dec 16, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3509 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23492 was published for github.com/libp2p/go-libp2p (Go) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Creation of new database tables through login form on PostgreSQL High
CVE-2022-41932 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Free5gc vulnerable to uncontrolled resource consumption High
CVE-2022-38871 was published for github.com/free5gc/free5gc (Go) Nov 19, 2022
ProTip! Advisories are also available from the GraphQL API