Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,628
NuGet
638
pip
3,240
Pub
10
RubyGems
858
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

785 advisories

Loading
Denial of service from large image Low
CVE-2023-37900 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Denial of service in neutron Moderate
CVE-2023-3637 was published for neutron (pip) Jul 25, 2023
goproxy Denial of Service vulnerability High
CVE-2023-37788 was published for github.com/elazarl/goproxy (Go) Jul 18, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
avro vulnerable to denial of service via attacker-controlled parameter High
CVE-2023-37475 was published for github.com/hamba/avro (Go) Jul 17, 2023
AdamKorcz
mx-chain-go's relayed transactions always increment nonce High
CVE-2023-34458 was published for github.com/multiversx/mx-chain-go (Go) Jul 13, 2023
is_js vulnerable to Regular Expression Denial of Service High
CVE-2020-26302 was published for is_js (npm) Jul 6, 2023
Withdrawn: scipy memory leak vulnerability Moderate
CVE-2023-25399 was published for scipy (pip) Jul 5, 2023 withdrawn
Apache Any23 vulnerable to excessive memory usage Moderate
CVE-2023-34150 was published for org.apache.any23:apache-any23 (Maven) Jul 5, 2023
Coraza has potential denial of service vulnerability High
CVE-2023-40586 was published for github.com/corazawaf/coraza/v2 (Go) Jun 26, 2023
rmb122
YARP Denial of Service Vulnerability High
CVE-2023-33141 was published for Yarp.ReverseProxy (NuGet) Jun 23, 2023
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2023-35925 was published for com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) Jun 22, 2023
SuperMonis dordsor21
NotMyFault
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption High
CVE-2022-24839 was published for org.nokogiri:nekohtml (Maven) Jun 22, 2023
netty-handler SniHandler 16MB allocation Moderate
CVE-2023-34462 was published for io.netty:netty-handler (Maven) Jun 20, 2023
vietj
.NET Denial of Service vulnerability High
CVE-2023-29331 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jun 14, 2023
jjson vulnerable to stack exhaustion High
CVE-2023-35110 was published for de.grobmeier.json:jjson (Maven) Jun 14, 2023
JSONUtil vulnerable to stack exhaustion Critical
CVE-2023-34615 was published for net.pwall.json:jsonutil (Maven) Jun 14, 2023
hjson stack exhaustion vulnerability High
CVE-2023-34620 was published for org.hjson:hjson (Maven) Jun 14, 2023
pbjson vulnerable to stack exhaustion High
CVE-2023-34616 was published for com.progsbase.libraries:JSON (Maven) Jun 14, 2023
jsonij vulnerable to stack exhaustion High
CVE-2023-34614 was published for cc.plural:jsonij (Maven) Jun 14, 2023
json-io vulnerable to stack exhaustion High
CVE-2023-34610 was published for com.cedarsoftware:json-io (Maven) Jun 14, 2023
ph-json vulnerable to stack exhaustion High
CVE-2023-34612 was published for com.helger.commons:ph-json (Maven) Jun 14, 2023
sojo vulnerable to stack exhaustion High
CVE-2023-34613 was published for net.sf.sojo:sojo (Maven) Jun 14, 2023
htmlcleaner vulnerable to stack exhaustion High
CVE-2023-34624 was published for net.sourceforge.htmlcleaner:htmlcleaner (Maven) Jun 14, 2023
onmyquest
ProTip! Advisories are also available from the GraphQL API