GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
746 advisories
Filter by severity
Argo CD repo-server Denial of Service vulnerability
Moderate
CVE-2023-40584
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
Go-Ethereum vulnerable to denial of service via malicious p2p message
High
CVE-2023-40591
was published
for
github.com/ethereum/go-ethereum
(Go)
Sep 6, 2023
Esoteric YamlBeans XML Entity Expansion vulnerability
Moderate
CVE-2023-24620
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
webpki: CPU denial of service in certificate path building
High
GHSA-8qv2-5vq6-g2g7
was published
for
webpki
(Rust)
Aug 25, 2023
libp2p nodes vulnerable to OOM attack
High
CVE-2023-40583
was published
for
github.com/libp2p/go-libp2p
(Go)
Aug 24, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
rustls-webpki: CPU denial of service in certificate path building
High
GHSA-fh2r-99q2-6mmg
was published
for
rustls-webpki
(Rust)
Aug 22, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
.NET Denial of Service Vulnerability
High
CVE-2023-38178
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 9, 2023
Denial of service in jackson-dataformats-text
High
CVE-2023-3894
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformats-text
(Maven)
Aug 8, 2023
Denial of service from large image
Low
CVE-2023-37900
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
goproxy Denial of Service vulnerability
High
CVE-2023-37788
was published
for
github.com/elazarl/goproxy
(Go)
Jul 18, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads
Low
CVE-2023-37481
was published
for
ethyca-fides
(pip)
Jul 18, 2023
Fides Webserver Vulnerable to Zip Bomb File Uploads
Low
CVE-2023-37480
was published
for
ethyca-fides
(pip)
Jul 18, 2023
avro vulnerable to denial of service via attacker-controlled parameter
High
CVE-2023-37475
was published
for
github.com/hamba/avro
(Go)
Jul 17, 2023
mx-chain-go's relayed transactions always increment nonce
High
CVE-2023-34458
was published
for
github.com/multiversx/mx-chain-go
(Go)
Jul 13, 2023
is_js vulnerable to Regular Expression Denial of Service
High
CVE-2020-26302
was published
for
is_js
(npm)
Jul 6, 2023
Withdrawn: scipy memory leak vulnerability
Moderate
CVE-2023-25399
was published
for
scipy
(pip)
Jul 5, 2023
•
withdrawn
Apache Any23 vulnerable to excessive memory usage
Moderate
CVE-2023-34150
was published
for
org.apache.any23:apache-any23
(Maven)
Jul 5, 2023
Coraza has potential denial of service vulnerability
High
CVE-2023-40586
was published
for
github.com/corazawaf/coraza/v2
(Go)
Jun 26, 2023
YARP Denial of Service Vulnerability
High
CVE-2023-33141
was published
for
Yarp.ReverseProxy
(NuGet)
Jun 23, 2023
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Moderate
CVE-2023-35925
was published
for
com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit
(Maven)
Jun 22, 2023
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-24839
was published
for
org.nokogiri:nekohtml
(Maven)
Jun 22, 2023
ProTip!
Advisories are also available from the
GraphQL API